Cisco AMP Detection for syncthing.exe as Malicious

It appears that today, Jun 15, 2022, Cisco AMP for Endpoints detects syncthing.exe as Malicious, the SHA-256 detection is 86f427bc949d5087dbcbcbec788acd488b95306a0090c550eced3bbfc7d2d844. It’s being detected with these signatures: W32.File.MalParent, and W32.86F427BC94-100.SBX.TG.

I’m going to declare it whitelisted and force AMP to put it back. Just wanted you all to know. Thanks!

I “fixed” it by creating an AMP Exclusion definition and giving it these SHA256 hashes:




Once I did that, I copied syncthing.exe back to where it belonged and ran it. Phew!
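A hash-based exclusion like the one described in this post only helps if the hash you exclude really belongs to a known-good build, so the check worth doing first is: does the file on disk hash to what AMP flagged, and does that hash appear in the vendor's published checksum list? The script below is an added example, not code from the post or from the Syncthing project. It reuses the detection hash quoted above, and it assumes a checksum file in the common `sha256sum` format (`<hex digest>  <filename>` per line); the checksum lines in the block are constructed sample data, not real release checksums.

```python
import hashlib
import os
import tempfile
from typing import Dict, Set

# SHA-256 that the post reports Cisco AMP flagged for syncthing.exe (value taken from the page).
REPORTED_DETECTION_SHA256 = "86f427bc949d5087dbcbcbec788acd488b95306a0090c550eced3bbfc7d2d844"


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 and return the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sum(text: str) -> Dict[str, str]:
    """Parse `sha256sum`-style lines ('<digest>  <name>') into {name: digest}.

    Blank lines and comment lines are skipped; a leading '*' (binary-mode
    marker used by some sha256sum implementations) is stripped from the name.
    """
    checksums: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) == 64 and name:
            checksums[name] = digest.lower()
    return checksums


def exclusion_verdict(path: str, reported_sha256: str, vendor_digests: Set[str]) -> str:
    """Decide whether a hash exclusion for `path` is justified.

    'not-the-flagged-file': the file on disk is not the one the AV flagged,
                            so excluding the reported hash says nothing about it.
    'safe-to-exclude':      the flagged hash matches a vendor-published checksum.
    'do-not-exclude':       the flagged file is not a known vendor build; treat
                            the detection as unresolved rather than whitelisting.
    """
    actual = sha256_file(path)
    if actual != reported_sha256.lower():
        return "not-the-flagged-file"
    if actual in vendor_digests:
        return "safe-to-exclude"
    return "do-not-exclude"


# Constructed sample data: the "release" checksum file lists a file whose
# content is the bytes b"abc" (digest ba7816bf...); this is NOT a real Syncthing checksum.
SAMPLE_CHECKSUM_TEXT = """
# constructed sample, sha256sum format
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  syncthing-windows-amd64/syncthing.exe
"""


def demo() -> str:
    """Write a constructed 'syncthing.exe' containing b'abc' and triage it."""
    vendor = set(parse_sha256sum(SAMPLE_CHECKSUM_TEXT).values())
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "syncthing.exe")
        with open(exe, "wb") as f:
            f.write(b"abc")
        flagged = sha256_file(exe)  # pretend AMP reported this digest
        return exclusion_verdict(exe, flagged, vendor)


if __name__ == "__main__":
    print(demo())
```

`sha256sum` on Linux, `certutil -hashfile syncthing.exe SHA256` on Windows, or this script all give the same digest, so the comparison can be done on whichever host is convenient. The important ordering is that the hash goes into the exclusion list only after it has been matched to a published checksum; a hash copied from the quarantine alert alone proves only that the file was the one quarantined.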

