How to resolve Anti-Malware and Sandboxing false positive case







How to inspect whether the file is malicious or not?
You can upload the file which is detected as suspicious or malicious by Anti-Malware or Sandboxing to virustotal ( https://www.virustotal.com/gui/home/upload) to detect the file is malicious or not.
Once the detection result of the virustotal is clear, it means it could be a potentially false positive case.
How to resolve it temporarily?
For example, when executing the Windows update, two Windows.NET programs donet-runtime-3.1.31-win- and aspnetcore-runtime-3.1.31-win were detected as suspicious programs and dropped by the firewall so we cannot run the Windows update successfully.
Sandboxing false-positive case
There are two programs that were detected as suspicious programs by Sandboxing.
MD5 hash values of each file
Add those two files’ MD5 value to Allow List in Anti-Malware (Configuration > Security Service > Anti-Malware> Block/Allow List> Allow List) to let the program update can be completed temporarily and report this false-positive case to Zyxel.
Anti-Malware false-positive case
For example, a file called amupdate.exe is detected as a malicious file by Anti-Malware while the user is executing McAfee regular update.
Add the MD5 value of the file to Allow List in Anti-Malware (Configuration > Security Service > Anti-Malware> Block/Allow List> Allow List) to let the program update can be completed temporarily and report this false-positive case to Zyxel.
How to report the
false-positive case to Zyxel?
Please provide the following information to us:
(1). The screenshot of the Monitor Log, Security Statistics, or the dashboard which can display the file name and MD5 value.
(2). The screenshot of virustotal detection result.
(3). File name
(4). MD5 hash value
(5). File (such as .exe file)
(6). (If it’s an Anti-Malware false positive case...) What is the scan mode (Express, Stream, or Hybrid) and its signature version?
Once
we confirm it’s indeed a false positive case and we will fix it.
Categories
- All Categories
- 178 Beta Program
- 1.7K Nebula
- 88 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 51 Switch Ideas
- 913 WirelessLAN
- 27 WLAN Ideas
- 5.4K Consumer Product
- 174 Service & License
- 295 News and Release
- 65 Security Advisories
- 14 Education Center
- 978 FAQ
- 424 Nebula FAQ
- 253 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 21 Consumer Product FAQ
- 65 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 52 Security Highlight