Sandbox false positive .NET 6.0.11 Update

Dexta
Dexta Posts: 11
First Anniversary Friend Collector First Comment
edited November 2022 in Security
It seems, that the sandbox has a false positive on the windows update for the .net application.
 URL: au.download.windowsupdate.com/c/msdownload/update/software/crup/2022/10/windowsdesktop-runtime-6.0.11-win-x64_b9e3ab8e3048170d9e3eabf6761d423eb4c93c6d.exe
Hash value: 5cd9064d70607bd1cb8b6eb6405360f9
Is there no way to whitelist certain files or URL's?
Kind regards,
Michael

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited November 2022 Answer ✓
    Hi @Dexta,
    We change the hash value "5cd9064d70607bd1cb8b6eb6405360f9" to "Clean" category. The file will not be detected as suspicious. Remember to reboot the device to clean device's local cache of Anti-Malware and Sandboxing. Then monitor the Sandboxing logs and see if the issue is resolved.

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @Dexta,
    Is the file deteted as malicious or suspicious file? Please go to MONITOR > Security Statistics > Sandboxing > Summary and capture the screen shot of "Statistics" for us.   =)
  • Dexta
    Dexta Posts: 11
    First Anniversary Friend Collector First Comment
    Hi,
    it's marked as suspicious. Attached you find to picuters. I couldn't find the path you wrote. Propably because we are using nebula.

    Let me know if you need something else.
     
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited November 2022 Answer ✓
    Hi @Dexta,
    We change the hash value "5cd9064d70607bd1cb8b6eb6405360f9" to "Clean" category. The file will not be detected as suspicious. Remember to reboot the device to clean device's local cache of Anti-Malware and Sandboxing. Then monitor the Sandboxing logs and see if the issue is resolved.

Security Highlight