False Positive Anti-Malware (Avast Business Installer)

Dexta
Dexta Posts: 14  Freshman Member
First Comment Friend Collector First Anniversary

Today we wanted to install the Avast Ultimate Business Client on one of our machines. The Online-Installer never finished, because the download got blocked by the firewall. Below you see screenshots from Secureporter and the Eventlog.

I hope this is the right way to report false positives. I could not find any offical form for this.

Kind regards,

Michael

Accepted Solution

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,004  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @Dexta

    To avoid false positive detections by Anti-Malware in the Nebula firewall, please add the file name to the Allow list of the Anti-Malware (path: Site-wide > Configure > Firewall > Security service). You can find the file name in your Nebula firewall event log. Based on the screenshot you provided, the file name is “5f195612-384a-48ea-8408-b4ede9dc56bb”.

    For more details, please refer to this article:

    [ATP/FLEX] How to avoid false positive detection by Anti-Malware in the Nebula firewall? — Zyxel Community

    Additionally, thank you for bringing the information gap in the article to our attention. If you would like to report a false positive case, please contact Zyxel local support or raise a forum post in our Community. We have also updated the article to address this.

    Kay

    Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,004  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @Dexta

    To resolve the issue with the Avast Business Installer being blocked, please add the MD5 value (5F195612384A48EA8408B4EDE9DC56BB) of the installer to your firewall's allow list.

    For detailed guidance, please refer to this article:

    Kay

    Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP

  • Dexta
    Dexta Posts: 14  Freshman Member
    First Comment Friend Collector First Anniversary
    edited July 29

    Hi @Zyxel_Kay

    Thank you. Do you also have a similar guide for Nebula devices? For example, as you see in my screenshots, there is no md5 hash. Where do i find it?

    And in regards to report the false positive, see picture bellow. It ommits where to report.

    Kind regard,
    Michael

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,004  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @Dexta

    To avoid false positive detections by Anti-Malware in the Nebula firewall, please add the file name to the Allow list of the Anti-Malware (path: Site-wide > Configure > Firewall > Security service). You can find the file name in your Nebula firewall event log. Based on the screenshot you provided, the file name is “5f195612-384a-48ea-8408-b4ede9dc56bb”.

    For more details, please refer to this article:

    [ATP/FLEX] How to avoid false positive detection by Anti-Malware in the Nebula firewall? — Zyxel Community

    Additionally, thank you for bringing the information gap in the article to our attention. If you would like to report a false positive case, please contact Zyxel local support or raise a forum post in our Community. We have also updated the article to address this.

    Kay

    Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP

Security Highlight