False malicious activities / windows update
All Replies
-
Unfortunately, this has become an issue for all our customers running ATPs (200/500), like itariant pointed out.
We hope to see this fixed soon.
0 -
I know that I can add it to the whitelist, but I would avoid adding things to the whitelist. If a real attack variant of Gen.Variant.Barys.413913b9 happens, it would pass through the network without any block.
0 -
Same here, with USG110 signature 1.0.0.20220725.0 and this is the log:
Virus infected Rule_id=X SSI=N Virus=A Gen.Variant.MSILHeracles.d9848e25 File=R1i0taOmKOo5ANcodkP4lSXFhFo6NnChrVWY4oKQ8KxBaYWSLC+40l7WK9Tpd Protocol=HTTP
0 -
Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.Barys.413913b9 File:35ab3bed-e32b-4bd1-9d46-ca69e91c7726 Protocol:HTTP
The source external IP is 209.197.3.8, which seems to be used by Microsoft for CDN (updates and similar). The IP is the same as the one found for the Wildcore signature.
0 -
Hi @Systrategy @MacroLuvisi @Alferic
Thank you for your feedback. We will investigate these signatures as soon as possible.
Also, do you know what operation triggers these?
Could you kindly provide the operation steps or download link?
Kevin
0 -
It comes from various PC clients on the network, but the fact that the IP is the same makes me think it is a Skype update, as indicated by previous emails.
0 -
Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.Barys.413913b9 File:Microsoft.MicrosoftOfficeHub_18.2205.1091.0_neutral_~_8wekyb3d8 Protocol:HTTP [count=8]
Something also related to Office updates or similar (MicrosoftOfficeHub).
0 -
It has not stopped. It is happening again even after the latest signatures released yesterday night:
2.1.3.20220727.0
0 -
Virus infected SSI:N Type:Anti-Malware Signature Virus:Wildcore.Virus.4a4ec363 File:6313b3e0-e981-4721-898b-52b5cd56c894 Protocol:HTTP [count=7]
0 -
Also this one sometimes (as reported by user Gianmarco, who opened the thread):
Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.Barys.413913b9 File:AD2F1837.HPPrinterControl_137.1.291.0_neutral_~_v10z8vjag6ke6.M Protocol:HTTP
0