Sandbox false positive .NET 6.0.11 Update

Dexta Posts: 12
edited November 2022 in Security
It seems that the sandbox has a false positive on the Windows update for the .NET application.
URL: au.download.windowsupdate.com/c/msdownload/update/software/crup/2022/10/windowsdesktop-runtime-6.0.11-win-x64_b9e3ab8e3048170d9e3eabf6761d423eb4c93c6d.exe
Hash value: 5cd9064d70607bd1cb8b6eb6405360f9
Is there no way to whitelist certain files or URLs?
Kind regards,
Michael

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    edited November 2022 Answer ✓
    Hi @Dexta,
    We change the hash value "5cd9064d70607bd1cb8b6eb6405360f9" to the "Clean" category. The file will not be detected as suspicious. Remember to reboot the device to clean the device's local cache of Anti-Malware and Sandboxing. Then monitor the Sandboxing logs and see if the issue is resolved.

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    Hi @Dexta,
    Is the file detected as a malicious or suspicious file? Please go to MONITOR > Security Statistics > Sandboxing > Summary and capture a screenshot of "Statistics" for us. =)
  • Dexta
    Dexta Posts: 12
    Hi,
    it's marked as suspicious. Attached you find two pictures. I couldn't find the path you wrote. Probably because we are using Nebula.

    Let me know if you need something else.
     