USG Flex 200 -> Windows Update files Virus infected ??

Vagabound

During today's Windows Patchday the following alerts were issued:
Log message: Crit -> anti-virus -> FILE DESTROY -> Virus infected SSI:N Type:Anti-Malware Cache Virus:Malicious Virus File: aspnetcore-runtime-6.0.13-win-x64_96394443f8267732e9285722d6085 Protocol: HTTP.

Is it possible that Windows Update files contain a virus?
Is rather unlikely or?

Could Zyxel check this?

mMontana

I'd vote for a false positive.
Not the first time unfortunately, and I hope that this kind of occurrence won't happen again for real.

Vagabound

Exactly, I may remember that this was already the case on the December 2022 patchday, unfortunately. But maybe Zyxel can tell us more about it.

mMontana

I'd like so. I won't put much hope in "preemptive" solution for february.

Zyxel_Cooldia

Hi @Vagabound,

We are working on it, keep you updated.

Vagabound

Thank you for your feedback. Then we hope for the February patchday

mMontana

Zyxel_Cooldia said:

We are working on it, keep you updated.

Zyxel do not have access to preview of the updates? Can act only after Microsoft release?

Vagabound

Zyxel could communicate with Microsoft and get the files in advance.

Zyxel_Cooldia

Hi @Vagabound,

We mark both files hash as clean in cloud. Please reboot firewall to flush local cache and verify it again. Thanks.

Vagabound

Thank you for your cooperation.
The firewall is restarted daily, so the local cache should be empty now.
We can test the whole thing only with the February patchday, because all systems are already updated with us, from then we know more exactly.

Vagabound

I was able to update a PC today and it worked fine without any alerts in the logfile.
Let's see how it looks like on the February patchday.