Zywall ATP 500 Sandboxing

Hello, we have Zywall ATP 500 and Sandboxing tool report as suspicious the followings files:
- Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe
- Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe

We have thousand of alert...how can we solve this problem? Why Sandboxing report as suspicious theese file?

All Replies

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    IMVHO... this is a "false positive" due to the .NET runtime downloaded from some of che customers.

    Again: in my opinion...
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @abonadonna
    We can help you to report false positives.
    What's your file hash (sha1,md5) ?  or could you kindly provide downloadl link ?
    BR
    Kevin

  • the hashes are: "851dd40782055e7893fb33c14da873dd" and "69e67fb85310f66766f67c2c129896a2"
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @abonadonna,
    After checking,those file are false positives.
    We have removed the false positives results in our cache data.
    BR.
    Kevin
  • Hi @abonadonna,
    After checking,those file are false positives.
    We have removed the false positives results in our cache data.
    BR.
    Kevin
    Hi Kevin, problem still remain, could you help me?




    Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe
    69e67fb85310f66766f67c2c129896a2
    Suspicious
    712
    2021-12-13 08:28:41
    2
    Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe
    851dd40782055e7893fb33c14da873dd
    Suspicious
    772
    2021-12-13 08:28:40
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @abonadonna
    There are cache in Firewall as well , Could you kindly reboot the device first.
    BR
    Kevin

Security Highlight