USG Flex 200 -> Windows Update files Virus infected ??

Vagabound Posts: 28  Freshman Member
During today's Windows Patchday the following alerts were issued:
Log message: Crit -> anti-virus -> FILE DESTROY -> Virus infected SSI:N Type:Anti-Malware Cache Virus:Malicious Virus File: aspnetcore-runtime-6.0.13-win-x64_96394443f8267732e9285722d6085 Protocol: HTTP.

Is it possible that Windows Update files contain a virus?
That is rather unlikely, isn't it?

Could Zyxel check this?
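As an added example (not from the thread and not Zyxel's code), a small Python triage helper that parses the appliance's anti-virus log line quoted above and separates a cached verdict on an expected update package, which is what this thread turned out to be, from a verdict that should stay blocked. The field names, the allowlist of update-package prefixes and the second sample line are assumptions constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Field layout is taken from the single anti-virus log line quoted in the opening
# post; that other USG Flex AV messages share this shape is an assumption.
AV_LOG_RE = re.compile(
    r"^(?P<severity>\w+) -> (?P<category>[\w-]+) -> (?P<action>[A-Z ]+?) -> "
    r"Virus infected SSI:(?P<ssi>[YN]) Type:(?P<scan_type>.+?) "
    r"Virus:(?P<verdict>.+?) File: (?P<file>\S+) Protocol: (?P<protocol>\w+)\.?$"
)

# Constructed allowlist of file-name prefixes for update packages this site expects
# to download. Only "aspnetcore-runtime-" appears in the thread; the rest are examples.
EXPECTED_UPDATE_PREFIXES = ("aspnetcore-runtime-", "dotnet-runtime-", "windowsdesktop-runtime-")


def parse_av_log(line: str) -> Optional[Dict[str, str]]:
    """Parse one USG anti-virus log line into its fields; None for other line shapes."""
    m = AV_LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(event: Dict[str, str]) -> str:
    """'verify-fp' when a cached verdict hit a file that looks like an expected update
    package (the thread's case: vendor re-marked the hash clean, a reboot flushed the
    cache); 'block' otherwise, so unexpected downloads stay treated as malware."""
    looks_like_update = event["file"].lower().startswith(EXPECTED_UPDATE_PREFIXES)
    if event["scan_type"] == "Anti-Malware Cache" and looks_like_update:
        return "verify-fp"
    return "block"


# Constructed sample log: the first line is the one from the thread, the second is made up.
SAMPLE_LOG = [
    "Crit -> anti-virus -> FILE DESTROY -> Virus infected SSI:N Type:Anti-Malware Cache "
    "Virus:Malicious Virus File: aspnetcore-runtime-6.0.13-win-x64_96394443f8267732e9285722d6085 Protocol: HTTP.",
    "Crit -> anti-virus -> FILE DESTROY -> Virus infected SSI:N Type:Anti-Malware Cache "
    "Virus:Malicious Virus File: invoice_2023.exe Protocol: HTTP.",
]


def triage_log(lines: List[str]) -> List[Tuple[str, str]]:
    """(file, decision) for every line that parses as an AV event; other lines are skipped."""
    return [(e["file"], triage(e)) for e in map(parse_av_log, lines) if e]
```

A "verify-fp" result is a prompt to compare the file's hash with the publisher's published hash and ask the vendor to re-classify it, not a reason to allow the download unchecked.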

All Replies

  • mMontana
    mMontana Posts: 1,340  Guru Member
    I'd vote for a false positive.
    Not the first time unfortunately, and I hope that this kind of occurrence won't happen again for real.
  • Vagabound
    Vagabound Posts: 28  Freshman Member
    Exactly, I seem to remember that this was already the case on the December 2022 patchday, unfortunately. But maybe Zyxel can tell us more about it.

  • mMontana
    mMontana Posts: 1,340  Guru Member
    I'd like that. I won't put much hope in a "preemptive" solution for February.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,462  Zyxel Employee
    Hi @Vagabound,

    We are working on it and will keep you updated.
  • Vagabound
    Vagabound Posts: 28  Freshman Member
    Thank you for your feedback. Then we hope for the February patchday ;)

  • mMontana
    mMontana Posts: 1,340  Guru Member
    We are working on it, keep you updated.

    Does Zyxel not have access to previews of the updates? Can it act only after Microsoft releases them?
  • Vagabound
    Vagabound Posts: 28  Freshman Member
    Zyxel could communicate with Microsoft and get the files in advance.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,462  Zyxel Employee
    Hi @Vagabound,

    We have marked both file hashes as clean in the cloud. Please reboot the firewall to flush the local cache and verify it again. Thanks.
  • Vagabound
    Vagabound Posts: 28  Freshman Member
    Thank you for your cooperation.
    The firewall is restarted daily, so the local cache should be empty now.
    We can only test the whole thing on the February patchday, because all of our systems are already updated; from then on we will know more precisely.

  • Vagabound
    Vagabound Posts: 28  Freshman Member
    I was able to update a PC today and it worked fine without any alerts in the logfile. =)
    Let's see how it looks on the February patchday.
