How to resolve Anti-Malware and Sandboxing false positive case
How to inspect whether the file is malicious or not?
You can upload the file which is detected as suspicious or malicious by Anti-Malware or Sandboxing to virustotal ( https://www.virustotal.com/gui/home/upload) to detect the file is malicious or not.
Once the detection result of the virustotal is clear, it means it could be a potentially false positive case.
How to resolve it temporarily?
For example, when executing the Windows update, two Windows.NET programs donet-runtime-3.1.31-win- and aspnetcore-runtime-3.1.31-win were detected as suspicious programs and dropped by the firewall so we cannot run the Windows update successfully.
Sandboxing false-positive case
There are two programs that were detected as suspicious programs by Sandboxing.
MD5 hash values of each file
Add those two files’ MD5 value to Allow List in Anti-Malware (Configuration > Security Service > Anti-Malware> Block/Allow List> Allow List) to let the program update can be completed temporarily and report this false-positive case to Zyxel.
Anti-Malware false-positive case
For example, a file called amupdate.exe is detected as a malicious file by Anti-Malware while the user is executing McAfee regular update.
Add the MD5 value of the file to Allow List in Anti-Malware (Configuration > Security Service > Anti-Malware> Block/Allow List> Allow List) to let the program update can be completed temporarily and report this false-positive case to Zyxel.
How to report the
false-positive case to Zyxel?
Please provide the following information to us:
(1). The screenshot of the Monitor Log, Security Statistics, or the dashboard which can display the file name and MD5 value.
(2). The screenshot of virustotal detection result.
(3). File name
(4). MD5 hash value
(5). File (such as .exe file)
(6). (If it’s an Anti-Malware false positive case...) What is the scan mode (Express, Stream, or Hybrid) and its signature version?
Then please contact Zyxel local support or post it on the Zyxel forum.
See how you've made an impact in Zyxel Community this year!
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight