Anti-Malware False-positive or Real?

Options
BCC
BCC Posts: 6  Freshman Member
First Anniversary Friend Collector First Comment

We have multiple devices reporting this detection:

Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_144.1.1068.0

Is this another false-positive or another distributed supply chain infection event?

Accepted Solution

  • e_mano_e
    e_mano_e Posts: 86  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    I was just at the customers site and visited the ATP100 and have the same issue.

    Anti-Malware
    Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6. Protocol:HTTP

«1345

All Replies

  • MassimoRiva
    Options

    hi I have also me this problem. from this morning I have a lot of notifications, any news about it?

    thank you.

  • Tiba
    Tiba Posts: 3
    First Comment
    edited May 2023
    Options

    me too

    Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6

  • Alferic
    Alferic Posts: 4
    First Anniversary First Comment
    edited May 2023
    Options

    me too.

    1    2023-05-04 09:22:45 95.140.230.128:80                               xxx.xxx.xxx.xxx:63792                            
         crit                anti-virus             FILE DESTROY                                    
         Virus infected Rule_id=20 SSI=N Virus=B13 Gen.Variant.MSILHeracles.cf775202 File=DzOzV9ZF9zv27MeZ6c7I1lw4fTbkwPezJo9zsO6llJ8q0JaqRddga04cvLwUwK3 Protocol=HTTP
                
    1    2023-05-04 08:39:47 93.184.221.240:80                               xxx.xxx.xxx.xxx:49557                            
         crit                anti-virus             FILE DESTROY                                    
         Virus infected Rule_id=20 SSI=N Virus=B13 Gen.Variant.MSILHeracles.cf775202 File=zhTWGauq44YN Protocol=HTTP
    

    edit:
    another one ip source (from one other my internal host): 209.197.3.8
    I thinks is a false positive for windows update protocol, but i'm not sure.

  • LucaPapaleo
    LucaPapaleo Posts: 12  Freshman Member
    First Anniversary 10 Comments
    Options

    I've several firewall ATP Series. All of them are detecting the same issue.

    Please FIX IT!

    It isn't first time

    Thanks

    Luca

  • PhilippeBkk
    PhilippeBkk Posts: 13  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    Same for me ATP200.
    It start already 2 weeks back. I manually block IP. LAst week it was quiet and thjis week it is a disaster and CDR kick out users.

    Please fix this
    Philippe

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,101  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Dear all,

    Many thanks for reporting this case to us. Please add the issued hash value to Anti-Malware's allow list now. You can refer to this FAQ article for guidance.

    Additionally, we will send private messages to you, please help to provide the necessary information to us for signature correction. Thanks.

  • e_mano_e
    e_mano_e Posts: 86  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    I was just at the customers site and visited the ATP100 and have the same issue.

    Anti-Malware
    Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6. Protocol:HTTP

  • e_mano_e
    e_mano_e Posts: 86  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    As a follow up: No Hash value was shown.

    I had to add a file pattern to the Anti-Malware allow list.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,101  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Dear all users,

    Thank you for providing us with your feedback so far, both on the public discussion page and through private messages. We greatly appreciate it. Could you update our latest Anti-Malware signature and check if the malware detection issue still persists?

    If so, please share the Anti-Malware log screenshots, the model name of your device, and the Anti-Malware signature version with us. Thank you!

Security Highlight