Probable False Positive ESET Endpoint Security application
Options
jobo124910
Posts: 1
in Security
Hello,
When trying to update ESET Endpoint Security (32-bit) on a Windows computer, the Zyxel ATP200 Anti-malware detects malware.
When downloading the file directly from a different computer the same detection happens.
From the logs:
2022-05-03 12:44:27 91.228.167.25:443 <ip address removed>:59285 warn anti-virus FILE DESTROY Virus infected SSI:Y Type:Anti-Malware Signature Virus:Wildcore.Virus.fb63d804 File:ees_nt32.msi Protocol:HTTP
This is version 9.0.2046.0 of the ESET Endpoint Antivirus software (32-bit). The Zyxel Antimalware signature version is 2.1.1.20220502.0.
Online scanning on Virustotal of the file url shows no detections. See https://www.virustotal.com/gui/url/19b65cb703b28fb7a7eda1045fc99f314cb054f6669bde492556c003e5d74d89/detection
Can you confirm this is a false positive?
When trying to update ESET Endpoint Security (32-bit) on a Windows computer, the Zyxel ATP200 Anti-malware detects malware.
When downloading the file directly from a different computer the same detection happens.
From the logs:
2022-05-03 12:44:27 91.228.167.25:443 <ip address removed>:59285 warn anti-virus FILE DESTROY Virus infected SSI:Y Type:Anti-Malware Signature Virus:Wildcore.Virus.fb63d804 File:ees_nt32.msi Protocol:HTTP
This is version 9.0.2046.0 of the ESET Endpoint Antivirus software (32-bit). The Zyxel Antimalware signature version is 2.1.1.20220502.0.
Online scanning on Virustotal of the file url shows no detections. See https://www.virustotal.com/gui/url/19b65cb703b28fb7a7eda1045fc99f314cb054f6669bde492556c003e5d74d89/detection
Can you confirm this is a false positive?
0
All Replies
-
Hello @jobo124910,Could you provide the complete log, reproduce steps, and Signature version? and Which software did you update and which version did you update to?We will check if it's a false positive.Moreover, we could add it to the Allow List based on the logs to prevent the detection.Navigate to Security Service > Anti-Malware > Allow List, add an allowed rule, select "File Pattern" as Type, and input "ees_nt32.msi" to the Value.Thank you.James0
-
Hello @jobo124910,Thanks for the feedback, I can confirm the problem you meet is a false positive.I download ees_nt32.msi (32-bit) from HFS, then the warn log appears. However, it only happens when downloading ees_nt32.msi instead of ees_nt64.msi (64-bit)We will check on this and improve Anti-Malware, thank you.James0
-
Any ETA for solving this issue, @Zyxel_James?
0 -
Hello @mMontana,We can not offer an ETA now, however, we will let you know the detection is fixed once the update is available.Thank you.James0
-
Hello @jobo124910, @mMontana,Now the false detection is removed in the current signature version.Please update to version 2.1.1.20220511.0 and try again, thank you.James0
Zyxel Employee
Guru Member
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
