ATP100 - Anti-Malware - False Positive?

e_mano_e
e_mano_e Posts: 24  Freshman Member
Hi,

the CDR feature of the ATP100 generated many e-mails regarding malware from different client computers. All client IP addresses are clients with McAfee/Trellix antivirus installed.

The log entry from the ATP100 is this:
Virus infected SSI:N Type:Anti-Malware Signature Virus:DeepScan.Generic.64beffbe File:McAfee_Common_x64.msi Protocol:HTTP

If I remember correctly, the engine used for Anti-Malware on the ATP is McAfee.
So the McAfee engine finds a virus in a McAfee file. Interesting!

Is there a place where I can submit this false positive to Zyxel or McAfee?

Thanks.
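As an added illustration (not code from the original post or from Zyxel), here is a small parser for the ATP log entry format quoted above that groups alerts by signature and file name and surfaces hits that recur across several days and several clients, which is the pattern worth hashing, checking against the vendor's published installer checksum and submitting to the engine vendor. The sample lines are constructed, and their timestamp and `src=` prefix are assumptions about how the log is exported.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the original post). The timestamp and
# src= prefix are assumptions; the rest matches the ATP log entry quoted above.
# The EICAR line is the standard harmless AV test string, used as a control.
SAMPLE_LOGS = """\
2024-03-04 08:12:41 src=192.0.2.10 Virus infected SSI:N Type:Anti-Malware Signature Virus:DeepScan.Generic.64beffbe File:McAfee_Common_x64.msi Protocol:HTTP
2024-03-04 08:13:02 src=192.0.2.11 Virus infected SSI:N Type:Anti-Malware Signature Virus:DeepScan.Generic.64beffbe File:McAfee_Common_x64.msi Protocol:HTTP
2024-03-05 08:10:55 src=192.0.2.10 Virus infected SSI:N Type:Anti-Malware Signature Virus:DeepScan.Generic.64beffbe File:McAfee_Common_x64.msi Protocol:HTTP
2024-03-05 14:22:09 src=192.0.2.30 Virus infected SSI:N Type:Anti-Malware Signature Virus:EICAR-Test-File File:eicar.com Protocol:HTTP
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ src=(?P<src>\S+) Virus infected (?P<rest>.*)$")
# Fields are "Key:value" tokens; a value may contain spaces
# (Type:Anti-Malware Signature), so it runs until the next " Key:" or end of line.
FIELD_RE = re.compile(r"(\w+):(.*?)(?=\s+\w+:|$)")

def parse_line(line):
    """Return a dict with date, src and the SSI/Type/Virus/File/Protocol fields, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"date": m.group("date"), "src": m.group("src")}
    rec.update((k, v) for k, v in FIELD_RE.findall(m.group("rest")))
    return rec

def recurring_hits(log_text, min_days=2, min_hosts=2):
    """Group Anti-Malware hits by (signature, file) and return those seen on at
    least min_days distinct days from at least min_hosts distinct clients.
    Recurrence alone is a review trigger, not proof of a false positive."""
    seen = defaultdict(lambda: {"days": set(), "hosts": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("Type") != "Anti-Malware Signature":
            continue
        key = (rec["Virus"], rec["File"])
        seen[key]["days"].add(rec["date"])
        seen[key]["hosts"].add(rec["src"])
        seen[key]["count"] += 1
    return {k: v for k, v in seen.items()
            if len(v["days"]) >= min_days and len(v["hosts"]) >= min_hosts}

if __name__ == "__main__":
    for (sig, fname), info in recurring_hits(SAMPLE_LOGS).items():
        print(f"{sig} / {fname}: {info['count']} hits on {len(info['days'])} days "
              f"from {len(info['hosts'])} clients")
```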

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 954  Zyxel Employee
    Hi @e_mano_e,
    McAfee is content filter service. As for Anti-malware, it is Bitdefender.
    Will this log trigger every time when update McAfee/Trellix antivirus?
    Could you share the McAfee/Trellix antivirus version information ?
  • e_mano_e
    e_mano_e Posts: 24  Freshman Member
    @Zyxel_Cooldia
    McAfee shows version numbers for each module installed.

    McAfee Data Exchange Layer: Version 6.0.3.646
    McAfee Agent: Version 5.7.6.251
    McAfee DLP Endpoint: Version 11.6.500.172
    McAfee Client Proxy: Version 4.4.056
    McAfee Endpoint Security Plattform: Version 10.7.0.3460
    McAfee Adaptiver Bedrohungsschutz: Version 10.7.0.3590
    McAfee Bedrohungsschutz: Version 10.7.0.3497

    This log entry seems to be created once per day.
    I've just got another customer call complaining about many CDR emails from the ATP100.
    Yesterday it was another customer. Also in the morning (here in Germany).

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 954  Zyxel Employee
    Hi @e_mano_e,
    We are working on it, will get back to you as soon as possible.
