
Cisco Secure Endpoint quarantines - python_gdcm-3.0.23-cp310-cp310-win_amd64.whl

Open jrineck opened this issue 1 year ago • 4 comments

We are seeing the python_gdcm-3.0.23-cp310-cp310-win_amd64.whl install by pip get flagged as potentially malicious and quarantined. Reviewed the File Analysis from Cisco Secure Endpoint and believe this to be a false positive (largely driven by 'PE references CreateToolhelp32Snapshot without import.'); wanted to make the maintainers aware.

python_gdcm-3.0.23-cp310-cp310-win_amd64.docx

jrineck, Mar 13 '24 20:03

I think it's because it was using an old version of OpenSSL. I updated it to the latest OpenSSL version. Try to check it: https://we.tl/t-VJToO7GMe6

tfmoraes, Mar 13 '24 22:03

@tfmoraes, would you be able to reshare the link to download the wheel with the updated OpenSSL version? The link has expired.

jrineck, Mar 28 '24 17:03

Try this: https://we.tl/t-vT1oUpmFj3

tfmoraes, Mar 28 '24 23:03

Thank you very much, ZIP downloaded. I have a commitment from the researchers using this package to test the install of the updated .whl and report back early next week (particularly if our EDR tools are still quarantining the file).

jrineck, Mar 29 '24 21:03