It appears that today, Jun 15, 2022, Cisco AMP for Endpoints detects syncthing.exe as Malicious, the SHA-256 detection is 86f427bc949d5087dbcbcbec788acd488b95306a0090c550eced3bbfc7d2d844. It’s being detected with these signatures: W32.File.MalParent, and W32.86F427BC94-100.SBX.TG.
I’m going to declare it whitelisted and force AMP to put it back. Just wanted you all to know. Thanks!
I “fixed” it by creating an AMP Exclusion definition and giving it these SHA256 hashes:
f8e2a0cc7d14f985c1edc9fa95fab2c54c7d429805d9a8fd2b09729914e02898
86f427bc949d5087dbcbcbec788acd488b95306a0090c550eced3bbfc7d2d844
8269B3659EBD5B55E981BCDF72C13BBB296BA8C6F89829CB4E5DA10958F37704
Once I did that, I copied syncthing.exe back to where it belonged and ran it. Phew!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.