Cisco AMP Detection for syncthing.exe as Malicious

It appears that today, Jun 15, 2022, Cisco AMP for Endpoints detects syncthing.exe as Malicious; the SHA-256 detection is 86f427bc949d5087dbcbcbec788acd488b95306a0090c550eced3bbfc7d2d844. It’s being detected with these signatures: W32.File.MalParent and W32.86F427BC94-100.SBX.TG.

I’m going to declare it whitelisted and force AMP to put it back. Just wanted you all to know. Thanks!

I “fixed” it by creating an AMP Exclusion definition and giving it these SHA256 hashes:

f8e2a0cc7d14f985c1edc9fa95fab2c54c7d429805d9a8fd2b09729914e02898

86f427bc949d5087dbcbcbec788acd488b95306a0090c550eced3bbfc7d2d844

8269B3659EBD5B55E981BCDF72C13BBB296BA8C6F89829CB4E5DA10958F37704

Once I did that, I copied syncthing.exe back to where it belonged and ran it. Phew!