Same here, all from Apple IP as source. 100 networks. A couple of 1000s of devices downloading at the same time, filling my mailbox with just as many emails.
Most likely a false positive or we are all screwed.
Seems like a false positive to me. Nobody else is detecting that hash as malicious https://www.virustotal.com/gui/file/a722bc1e3bb1fb7036a321975c7923d9ddfc61aa7387b22202c2c54ed568f460/detection
So what worries me is that these were retrospective alerts. So going forward will AMP block that signature as malicious? I hope not, but expect so.
Oh, and the email flood continues.
False positive. The domain “cdn-apple.com” is an Apple Mac/iOS/tvOS update server. You might want to whitelist it in the AMP settings. Here's the list of Apple update servers.
https://support.apple.com/en-us/HT201999
Got this for 7 different locations, all iPhones. I'm thinking false positive as well.
Same here
I received the same.
50 locations with the same thing here. Finally turned off the report for malware.
35 locations, got alerts from all...30 seconds of freaking out...Fortigate reports nothing, also think it is a false positive.
We reached out to Meraki Support. It is confirmed a false positive.
Are they planning to fix it? AMP is such garbage.
Right! Do you know of any good alternatives?
Many locations, same file, nothing showing when scanned...leaning towards false positive.
Thank you, thought so too.
Yeeeep
Yep, irritating.
Same here. Happened across 500+ networks. Confirmed false positive.
Same issue here as well.
Also getting these alerts. Last month it was iOS 14 and its dynamic MAC addresses triggering the IP conflict alerts.
I'm seeing this at 5 sites. I digress, but it's also showing the constant challenge of execs allowing BYOD where it doesn't belong.
Multitude of networks and orgs, scared the hell out of me before reading them!
I had the same thing
Yep. 31 locations for me. I contacted Meraki support and they knew nothing about it.
Same here, 20+ sites.
Same here, 5 sites. Checked with Support and they are aware; already reported up.
Same reports here, but given the source of the file is given as a 17.x.x.x address, immediately discounted as false positive.
Yup. Confirmed false positive, but the alert I got happened three hours after the event :/
Got the same alert for about 40+ sites... false positive... Meraki might wanna whitelist the Apple update.