Anti-Malware False-positive or Real?
We have multiple devices reporting this detection:
Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_144.1.1068.0
Is this another false-positive or another distributed supply chain infection event?
Accepted Solution
-
I was just at the customer's site and visited the ATP100 and have the same issue.
Anti-Malware
Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6. Protocol:HTTP
All Replies
-
Hi, I have also met this problem. Since this morning I have had a lot of notifications. Any news about it?
Thank you.
0 -
Me too!
0 -
me too
Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6
0 -
me too.
1 2023-05-04 09:22:45 95.140.230.128:80 xxx.xxx.xxx.xxx:63792 crit anti-virus FILE DESTROY Virus infected Rule_id=20 SSI=N Virus=B13 Gen.Variant.MSILHeracles.cf775202 File=DzOzV9ZF9zv27MeZ6c7I1lw4fTbkwPezJo9zsO6llJ8q0JaqRddga04cvLwUwK3 Protocol=HTTP
1 2023-05-04 08:39:47 93.184.221.240:80 xxx.xxx.xxx.xxx:49557 crit anti-virus FILE DESTROY Virus infected Rule_id=20 SSI=N Virus=B13 Gen.Variant.MSILHeracles.cf775202 File=zhTWGauq44YN Protocol=HTTP
Edit:
Another source IP (from another of my internal hosts): 209.197.3.8
I think it is a false positive for the Windows Update protocol, but I'm not sure.
0 -
I have several ATP Series firewalls. All of them are detecting the same issue.
Please FIX IT!
It isn't the first time.
Thanks
Luca
0 -
Same for me, ATP200.
It already started 2 weeks back. I manually block the IP. Last week it was quiet and this week it is a disaster and CDR kicks out users. Please fix this.
Philippe
0 -
Dear all,
Many thanks for reporting this case to us. Please add the issued hash value to Anti-Malware's allow list now. You can refer to this FAQ article for guidance.
Additionally, we will send private messages to you, please help to provide the necessary information to us for signature correction. Thanks.
0 -
As a follow up: No Hash value was shown.
I had to add a file pattern to the Anti-Malware allow list.
0 -
Dear all users,
Thank you for providing us with your feedback so far, both on the public discussion page and through private messages. We greatly appreciate it. Could you update to our latest Anti-Malware signature and check if the malware detection issue still persists?
If so, please share the Anti-Malware log screenshots, the model name of your device, and the Anti-Malware signature version with us. Thank you!
0