USG110 - Where to send false positives queries?

USG_User
USG_User Posts: 253  Master Member
edited November 2021 in Security
For a few days now, the USG AV scan has been detecting a lot of viruses, but only from our 4 software development computers running MS Visual Studio. The infected transmissions have been blocked so far.
But I'm surprised that the USG dashboard is showing nothing under "top 5 viruses".

System Log entry:
Virus infected Rule_id=7 SSI=N Virus=Malicious Virus File=aspnetcore-runtime-5.0.12-win-x64_4922f60dcb21f8c227e2ba022138e Protocol=HTTP

We're thinking this could be a false positive. We're presently scanning the computers with an ESET Rescue Stick for further details.

Where can we report false positives so that the virus signatures will be updated/corrected?

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 846  Zyxel Employee
    Hi @USG_User,
    We can help you to report false positives.
    What is your MS Visual Studio version and signature version?
  • USG_User
    USG_User Posts: 253  Master Member
    Hi Cooldia,

    Thanks for your reply.

    In the meantime we've done further tests. Scanning the computer using a bootable Rescue AV Scan Stick (ESET) brought no positive results.
    Furthermore, we've updated our Visual Studio to the latest release, and since then no more virus alerts have appeared for the 4 development computers. Only one MS Surface device, which has not been updated until now, caused new virus alerts when it was started today. It might have something to do with an automatic update check or something like this. But anyway ..., we are now updating the Surface as well and will see what happens tomorrow morning, since the suspicious traffic occurs only once a day.

    USG110 Virus Signature:     v1.0.0.20211110.0

    Affected MS Visual Studio version:


    Latest USG alert log of today:

    Virus infected Rule_id=7 SSI=N Virus=Malicious Virus File=aspnetcore-runtime-5.0.12-win-x86_51477ce7f3a775da9aa24eb84aaff Protocol=HTTP
    2021-11-11 09:27:01,2.22.147.66:80                                  ,192.168.51.13:58337                             ,     crit               ,anti-virus            ,FILE DESTROY         ,     wan1               ,vlan51                ,tcp                  ,     Virus infected Rule_id=7 SSI=N Virus=Malicious Virus File=aspnetcore-runtime-3.1.21-win-x86_e9f9628bcd13460a36ef3d62f9da9 Protocol=HTTP
    2021-11-11 09:27:02,2.22.147.66:80                                  ,192.168.51.13:58337                             ,     crit               ,anti-virus            ,FILE DESTROY         ,     wan1               ,vlan51                ,tcp                  ,     Virus infected Rule_id=7 SSI=N Virus=Malicious Virus File=aspnetcore-runtime-3.1.21-win-x86_e9f9628bcd13460a36ef3d62f9da9 Protocol=HTTP
    2021-11-11 09:27:02,2.22.147.66:80                                  ,192.168.51.13:58337                             ,     crit               ,anti-virus            ,FILE DESTROY         ,     wan1               ,vlan51                ,tcp                  ,     Virus infected Rule_id=7 SSI=N Virus=Malicious Virus File=aspnetcore-runtime-3.1.21-win-x86_e9f9628bcd13460a36ef3d62f9da9 Protocol=HTTP
    2021-11-11 09:27:02,2.22.147.66:80
    ... log shortened

     



  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 846  Zyxel Employee
    Does it still have false positives on MS Surface device after update?
  • USG_User
    USG_User Posts: 253  Master Member
    No, since we've also updated the Surface, the USG A/V alerts for this device IP are gone as well. It confirms to us that this was a false positive.
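
An added example, not part of the thread and not Zyxel code: a small Python triage script for alert rows in the comma-separated layout quoted above. It groups anti-virus hits by client, server and file, so a suspected false positive can be reported with the affected hosts and file names. The column meanings are inferred from the excerpt, and the second client (192.168.51.14) is constructed.

```python
import csv
import re
from collections import Counter

# Message part of an anti-virus log entry, as quoted in the thread.
MSG_RE = re.compile(
    r"Rule_id=(?P<rule>\d+) SSI=\S+ Virus=(?P<virus>.+?) "
    r"File=(?P<file>\S+) Protocol=(?P<proto>\S+)"
)

def parse_line(line):
    """Return a dict for one alert row, or None if the row is incomplete."""
    row = [col.strip() for col in next(csv.reader([line]))]
    if len(row) != 10:                 # assumed layout: 10 columns
        return None
    match = MSG_RE.search(row[9])
    if match is None:
        return None
    return {"time": row[0], "action": row[5],
            "server": row[1].rsplit(":", 1)[0],   # assumed: remote endpoint
            "client": row[2].rsplit(":", 1)[0],   # assumed: internal endpoint
            **match.groupdict()}

def summarise(text):
    """Count alerts per (client, server, file) and count unparsable rows."""
    hits, skipped = Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        alert = parse_line(line)
        if alert is None:
            skipped += 1
        else:
            hits[(alert["client"], alert["server"], alert["file"])] += 1
    return hits, skipped

# Constructed sample: three rows mirror the excerpt in the thread, the row for
# 192.168.51.14 is invented, and the last two entries imitate the cut-off log.
ROW = ("{t},2.22.147.66:80   ,{cli}  ,  crit ,anti-virus ,FILE DESTROY ,  wan1 ,"
       "vlan51 ,tcp ,  Virus infected Rule_id=7 SSI=N Virus=Malicious Virus File={f} Protocol=HTTP")
F31 = "aspnetcore-runtime-3.1.21-win-x86_e9f9628bcd13460a36ef3d62f9da9"
F50 = "aspnetcore-runtime-5.0.12-win-x64_4922f60dcb21f8c227e2ba022138e"
SAMPLE = "\n".join(
    [ROW.format(t=f"2021-11-11 09:27:0{s}", cli="192.168.51.13:58337", f=F31) for s in (1, 2, 2)]
    + [ROW.format(t="2021-11-11 09:27:05", cli="192.168.51.14:60112", f=F50),
       "2021-11-11 09:27:02,2.22.147.66:80", "... log shortened"])

if __name__ == "__main__":
    hits, skipped = summarise(SAMPLE)
    for (client, server, name), count in hits.most_common():
        print(f"{count:3d}  {client:15s} <- {server:15s} {name}")
    print(f"{skipped} incomplete row(s) skipped")
```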
