How to resolve Anti-Malware and Sandboxing false positive case
How to inspect whether the file is malicious or not?
You can upload the file that Anti-Malware or Sandboxing detected as suspicious or malicious to VirusTotal (https://www.virustotal.com/gui/home/upload) to check whether the file is malicious.
If the VirusTotal detection result is clean, the detection could be a false positive.
How to resolve it temporarily?
For example, while running Windows Update, two Windows .NET programs, dotnet-runtime-3.1.31-win- and aspnetcore-runtime-3.1.31-win, were detected as suspicious programs and dropped by the firewall, so Windows Update could not complete successfully.
Sandboxing false-positive case
There are two programs that were detected as suspicious programs by Sandboxing.
MD5 hash values of each file
Add the MD5 values of those two files to the Allow List in Anti-Malware (Configuration > Security Service > Anti-Malware > Block/Allow List > Allow List) so that the program update can complete as a temporary workaround, and report this false-positive case to Zyxel.
Anti-Malware false-positive case
For example, a file called amupdate.exe is detected as a malicious file by Anti-Malware while the user is running a regular McAfee update.
Add the MD5 value of the file to the Allow List in Anti-Malware (Configuration > Security Service > Anti-Malware > Block/Allow List > Allow List) so that the program update can complete as a temporary workaround, and report this false-positive case to Zyxel.
How to report the false-positive case to Zyxel?
Please provide the following information to us:
(1). The screenshot of the Monitor Log, Security Statistics, or the dashboard which can display the file name and MD5 value.
(2). The screenshot of the VirusTotal detection result.
(3). File name
(4). MD5 hash value
(5). File (such as .exe file)
(6). (If it’s an Anti-Malware false positive case...) What is the scan mode (Express, Stream, or Hybrid) and its signature version?
Once we confirm it is indeed a false-positive case, we will fix it.
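Before adding an MD5 value to the Allow List or sending the report, it is worth confirming that the file on disk is the same one the firewall logged. The Python sketch below is an added example, not Zyxel tooling: the function names and the sample file are constructed, and the SHA-256 field is an extra that the report list above does not ask for.

```python
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex) of a file, reading it in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def build_report_entry(path, logged_md5):
    """Build report items (3) and (4) and compare the local file's MD5
    with the MD5 copied from the Monitor Log or dashboard."""
    logged = logged_md5.strip().lower()
    if len(logged) != 32 or any(c not in "0123456789abcdef" for c in logged):
        raise ValueError("not a 32-digit hex MD5: %r" % logged_md5)
    md5, sha256 = file_digests(path)
    return {
        "file_name": os.path.basename(path),
        "md5": md5,
        "sha256": sha256,  # extra field (assumption): useful for hash lookups
        "matches_log": md5 == logged,  # False means this is a different file
    }


def demo():
    """Run against a constructed sample file whose content is b'hello'."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "sample-update.exe")  # constructed name
        with open(path, "wb") as fh:
            fh.write(b"hello")
        # First call: logged MD5 matches the file (upper case is accepted).
        same = build_report_entry(path, "5D41402ABC4B2A76B9719D911017C592")
        # Second call: logged MD5 belongs to some other file.
        other = build_report_entry(path, "0" * 32)
        return same, other


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

If `matches_log` is false, the local copy is not the file the firewall flagged, so its VirusTotal result says nothing about the logged detection.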