Cisco AMP reporting Brave as malware

windows

#1

Description of the issue:

Cisco AMP for Endpoints is reporting Brave for Windows 64bit as Malware W32.637012E7EF-95.SBX.TG

Steps to Reproduce (add as many as necessary):

Attempt to download Brave on Windows 7 Desktop 64bit with Cisco AMP installed.

Brave Version(about:brave):

Unknown. Latest Version available as of 12:16 PM EST 2/4/2019 from https://laptop-updates.brave.com/latest/winx64


#2

@Balandar, would you mind sharing which files were flagged? I’m guessing it’s the tor0.3.4.9 file?


#3

Honestly, I don’t know. I only have access to the AMP Endpoint which terminates the download as soon as it begins. I’m assuming AMP is seeing the setup file as malware as I can’t even get the download to complete.


#4

@Mattches Have some additional details:

Detected W32.637012E7EF-95.SBX.TG as 1135.tmp, BraveSoftware Update 1.3.99.0 (637012e7…5c5f6ce0)[PE_Executable].

File SHA-1: ef6b7bdf673818de3e2c1d630d0d527d06de984e.

File MD5: 110c0291ab96d64525bab20a5a2896c8.

File size: 1283800 bytes.

File signed by Brave Software, Inc. with certificate serial 0815c9ccd49a7c0e6de478efe90f9669 from DigiCert SHA2 Assured ID Code Signing CA. Expires 12:00:00, Thu Jul 16 2020 UTC. The certificate was warn trusted.

File cert MD5: 45044007d7fe869918ba8a979749f054.

File cert SHA-1: d8fb5fd2ec5048777426e06e40e9a07d2a31a958.


#5

Thank you for the information. I’ve started correspondence with Cisco AMP and will let you know what we determine. Appreciate your patience.