Hi,
In our Azure AD/Intune ecosystem M365 defender blocked Kali Linux VirtualBox .7z file with the hash - 14120fecb623bd001c3ece5d431a0466b2c20bdb76066d6224 482448248ceed1 from https://kali.koyanet.lv/kali-images/...albox-amd64.7z link. And is registered as incident/ 'Ulthar' malware.
Checked the repository - this is legit repository for LV. http://cdimage.kali.org/README.mirrorlist
Hash shown there does not match the one blocked in M365. Index of /kali-images/kali-2023.2/ (koyanet.lv)
When I added .7z file format to local Windows exceptions, then hash for the successfully downloaded file matched the one in mirror and is D1F366A41FD5DFCFA6B7795ACE45EF30FC563D73CF9386F735 1B8AD17BECC865.
Right now can't understand why before adding to local exceptions there is different hash for the file.
Virus Total is showing that the link is clean VirusTotal - URL - b97c3edd6e5762472e5d15a75e9dfbba8dbc16c379707a98c4 4202f7ef5cd58f ( 01.06.2023)
This situation is happening for the multiple Windows 11 (22H2) workstations and multiple users under Azure AD. Blocked hash is the same for all the them. Any ideas?
There are no issues with the previous version kali-2023.1/ version.