ATP100 - Anti-Malware - False Positive?

e_mano_e

Hi,

the CDR feature of the ATP100 generated many e-mails regarding Malware from different Client computers. All client IP adresses are clients with McAfee/Trellix antivirus installed.

The log entry from the ATP100 is this:
Virus infected SSI:N Type:Anti-Malware Signature Virus:DeepScan.Generic.64beffbe File:McAfee_Common_x64.msi Protocol:HTTP

When I remember correctly the engine used for Anti-Malware on the ATP is McAfee.
So the McAfee engine founds a virus in a McAfee file. Interesting!

Is there a place where I can submit this false positive to Zyxel or McAfee?

Thanks.

Zyxel_Cooldia

Hi @e_mano_e,
McAfee is content filter service. As for Anti-malware, it is Bitdefender.
Will this log trigger every time when update McAfee/Trellix antivirus?
Could you share the McAfee/Trellix antivirus version information ?

e_mano_e

@Zyxel_Cooldia
McAfee shows version numbers for each module installed.

McAfee Data Exchange Layer: Version 6.0.3.646
McAfee Agent: Version 5.7.6.251
McAfee DLP Endpoint: Version 11.6.500.172
McAfee Client Proxy: Version 4.4.056
McAfee Endpoint Security Plattform: Version 10.7.0.3460
McAfee Adaptiver Bedrohungsschutz: Version 10.7.0.3590
McAfee Bedrohungsschutz: Version 10.7.0.3497

This log entry seems to be created once per day.
I've just got another customer call complaining about many CDR emails from the ATP100.
Yesterday it was another customer. Also in the morning (here in Germany).

Zyxel_Cooldia

Hi @e_mano_e,
We are working on it, will get back to you as soon as possible.