Sandbox false positive .NET 6.0.11 Update

Dexta
Dexta Posts: 14  Freshman Member
edited November 2022 in Security
It seems that the sandbox has a false positive on the Windows update for the .NET application.
URL: au.download.windowsupdate.com/c/msdownload/update/software/crup/2022/10/windowsdesktop-runtime-6.0.11-win-x64_b9e3ab8e3048170d9e3eabf6761d423eb4c93c6d.exe
Hash value: 5cd9064d70607bd1cb8b6eb6405360f9
Is there no way to whitelist certain files or URLs?
Kind regards,
Michael

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    edited November 2022 Answer ✓
    Hi @Dexta,
    We have changed the hash value "5cd9064d70607bd1cb8b6eb6405360f9" to the "Clean" category. The file will not be detected as suspicious. Remember to reboot the device to clean the device's local cache of Anti-Malware and Sandboxing. Then monitor the Sandboxing logs and see if the issue is resolved.


All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Hi @Dexta,
    Is the file detected as a malicious or suspicious file? Please go to MONITOR > Security Statistics > Sandboxing > Summary and capture a screenshot of "Statistics" for us. =)


  • Dexta
    Dexta Posts: 14  Freshman Member
    Hi,
    It's marked as suspicious. Attached you will find two pictures. I couldn't find the path you wrote, probably because we are using Nebula.

    Let me know if you need something else.
     