Probable False Positive ESET Endpoint Security application
jobo124910
Posts: 1
in Security
Hello,
When trying to update ESET Endpoint Security (32-bit) on a Windows computer, the Zyxel ATP200 Anti-malware detects malware.
When downloading the file directly from a different computer the same detection happens.
From the logs:
2022-05-03 12:44:27 91.228.167.25:443 <ip address removed>:59285 warn anti-virus FILE DESTROY Virus infected SSI:Y Type:Anti-Malware Signature Virus:Wildcore.Virus.fb63d804 File:ees_nt32.msi Protocol:HTTP
This is version 9.0.2046.0 of the ESET Endpoint Antivirus software (32-bit). The Zyxel Antimalware signature version is 2.1.1.20220502.0.
Online scanning on VirusTotal of the file URL shows no detections. See https://www.virustotal.com/gui/url/19b65cb703b28fb7a7eda1045fc99f314cb054f6669bde492556c003e5d74d89/detection
Can you confirm this is a false positive?
All Replies
-
Hello @jobo124910,
Could you provide the complete log, the steps to reproduce, and the signature version? Also, which software did you update, and which version did you update to?
We will check if it's a false positive.
Moreover, we could add it to the Allow List based on the logs to prevent the detection.
Navigate to Security Service > Anti-Malware > Allow List, add an allowed rule, select "File Pattern" as Type, and input "ees_nt32.msi" as the Value.
Thank you.
James
-
Hello @jobo124910,
Thanks for the feedback. I can confirm the problem you encountered is a false positive.
I downloaded ees_nt32.msi (32-bit) from HFS, and then the warn log appeared. However, it only happens when downloading ees_nt32.msi, not ees_nt64.msi (64-bit).
We will check on this and improve Anti-Malware. Thank you.
James
-
Any ETA for solving this issue, @Zyxel_James?
-
Hello @mMontana,
We cannot offer an ETA now; however, we will let you know that the detection is fixed once the update is available.
Thank you.
James
-
Hello @jobo124910, @mMontana,
The false detection is now removed in the current signature version.
Please update to version 2.1.1.20220511.0 and try again. Thank you.
James