Anti-Malware False-positive or Real?

BCC

We have multiple devices reporting this detection:

Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_144.1.1068.0

Is this another false-positive or another distributed supply chain infection event?

Accepted Solution

  • e_mano_e

    I was just at the customer's site, visited the ATP100, and have the same issue.

    Anti-Malware
    Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6. Protocol:HTTP


All Replies

  • MassimoRiva

    Hi, I also have this problem. Since this morning I have had a lot of notifications. Any news about it?

    thank you.

  • Tiba
    edited May 2023

    me too

    Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6

  • Alferic
    edited May 2023

    me too.

    1  2023-05-04 09:22:45  95.140.230.128:80  xxx.xxx.xxx.xxx:63792  crit  anti-virus  FILE DESTROY
       Virus infected Rule_id=20 SSI=N Virus=B13 Gen.Variant.MSILHeracles.cf775202 File=DzOzV9ZF9zv27MeZ6c7I1lw4fTbkwPezJo9zsO6llJ8q0JaqRddga04cvLwUwK3 Protocol=HTTP

    1  2023-05-04 08:39:47  93.184.221.240:80  xxx.xxx.xxx.xxx:49557  crit  anti-virus  FILE DESTROY
       Virus infected Rule_id=20 SSI=N Virus=B13 Gen.Variant.MSILHeracles.cf775202 File=zhTWGauq44YN Protocol=HTTP

    Edit:
    Another source IP (from another of my internal hosts): 209.197.3.8
    I think it is a false positive for the Windows Update protocol, but I'm not sure.

  • LucaPapaleo

    I've several firewall ATP Series. All of them are detecting the same issue.

    Please FIX IT!

    It isn't the first time.

    Thanks

    Luca

  • PhilippeBkk

    Same for me on an ATP200.
    It started already 2 weeks back. I manually blocked the IPs. Last week it was quiet and this week it is a disaster and CDR kicks out users.

    Please fix this
    Philippe

  • Zyxel_Jeff (Zyxel Employee)

    Dear all,

    Many thanks for reporting this case to us. Please add the issued hash value to Anti-Malware's allow list now. You can refer to this FAQ article for guidance.

    Additionally, we will send you private messages; please help by providing the necessary information to us for signature correction. Thanks.


  • e_mano_e

    As a follow up: No Hash value was shown.

    I had to add a file pattern to the Anti-Malware allow list.
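The log lines Alferic posted and e_mano_e's note that no hash was shown both point at the same triage problem: the detection names a signature and a file, and only some of those file names are stable enough to allow-list by pattern. The script below is an added example, not code from the thread or from Zyxel: it parses both log formats quoted above (the `Key:Value` notification form and the `Key=Value` raw-log form), groups hits by signature, and separates files matching the HP Printer Control package-name pattern from opaque file names that cannot safely be allow-listed. The `HP_PKG_RE` pattern is an assumption derived from the package names quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample built from the three line formats quoted in this thread.
SAMPLE_LOG = """\
Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6. Protocol:HTTP
Virus infected Rule_id=20 SSI=N Virus=B13 Gen.Variant.MSILHeracles.cf775202 File=DzOzV9ZF9zv27MeZ6c7I1lw4fTbkwPezJo9zsO6llJ8q0JaqRddga04cvLwUwK3 Protocol=HTTP
Virus infected Rule_id=20 SSI=N Virus=B13 Gen.Variant.MSILHeracles.cf775202 File=zhTWGauq44YN Protocol=HTTP
"""

# "Virus:" (notification form) or "Virus=B13 " (raw-log form) then the signature.
VIRUS_RE = re.compile(r"Virus[:=](?:B\d+ )?(?P<sig>\S+)")
# File name, without the sentence-ending "." the notification form appends.
FILE_RE = re.compile(r"File[:=](?P<file>\S+?)\.?(?:\s|$)")

# Hypothetical allow-list candidate: the MSIX-style package name quoted in the
# thread (publisher id, product, 4-part version, optional arch + publisher hash).
HP_PKG_RE = re.compile(
    r"^AD2F1837\.HPPrinterControl_\d+(\.\d+){3}(_neutral_~_[a-z0-9]+)?$"
)


def parse_line(line):
    """Return (signature, file) from one Zyxel anti-malware line, or None."""
    v = VIRUS_RE.search(line)
    f = FILE_RE.search(line)
    if not v or not f:
        return None
    return v.group("sig"), f.group("file")


def triage(log_text):
    """Group hits by signature; split files into pattern-matchable vs opaque.

    'named' entries match a known package-name pattern and are candidates for a
    file-pattern allow-list entry once the file is verified benign; 'opaque'
    entries (random-looking names, no hash shown) need the vendor's fix instead.
    """
    by_sig = defaultdict(lambda: {"named": [], "opaque": []})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        sig, fname = parsed
        bucket = "named" if HP_PKG_RE.match(fname) else "opaque"
        by_sig[sig][bucket].append(fname)
    return dict(by_sig)


if __name__ == "__main__":
    for sig, groups in triage(SAMPLE_LOG).items():
        print(sig, groups)
```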

  • Zyxel_Jeff (Zyxel Employee)

    Dear all users,

    Thank you for providing us with your feedback so far, both on the public discussion page and through private messages. We greatly appreciate it. Could you update our latest Anti-Malware signature and check if the malware detection issue still persists?

    If so, please share the Anti-Malware log screenshots, the model name of your device, and the Anti-Malware signature version with us. Thank you!
