Probable False Positive ESET Endpoint Security application
 
            
                
jobo124910
Posts: 1
in Security

Hello,
When trying to update ESET Endpoint Security (32-bit) on a Windows computer, the Zyxel ATP200 Anti-malware detects malware.
When downloading the file directly from a different computer the same detection happens.
From the logs:
2022-05-03 12:44:27 91.228.167.25:443 <ip address removed>:59285 warn anti-virus FILE DESTROY Virus infected SSI:Y Type:Anti-Malware Signature Virus:Wildcore.Virus.fb63d804 File:ees_nt32.msi Protocol:HTTP
This is version 9.0.2046.0 of the ESET Endpoint Antivirus software (32-bit). The Zyxel Antimalware signature version is 2.1.1.20220502.0.
Online scanning on VirusTotal of the file URL shows no detections. See https://www.virustotal.com/gui/url/19b65cb703b28fb7a7eda1045fc99f314cb054f6669bde492556c003e5d74d89/detection
Can you confirm this is a false positive?
            All Replies
- 
Hello @jobo124910,
Could you provide the complete log, the steps to reproduce, and the signature version? Also, which software did you update, and which version did you update to?
We will check if it's a false positive.
Moreover, we could add it to the Allow List based on the logs to prevent the detection.
Navigate to Security Service > Anti-Malware > Allow List, add an allowed rule, select "File Pattern" as Type, and input "ees_nt32.msi" as the Value.
Thank you.
James
- 
Hello @jobo124910,
Thanks for the feedback. I can confirm the problem you encountered is a false positive.
I downloaded ees_nt32.msi (32-bit) from HFS, and then the warn log appeared. However, it only happens when downloading ees_nt32.msi instead of ees_nt64.msi (64-bit).
We will check on this and improve Anti-Malware. Thank you.
James
- 
            Any ETA for solving this issue, @Zyxel_James?
- 
Hello @mMontana,
We cannot offer an ETA now; however, we will let you know that the detection is fixed once the update is available.
Thank you.
James
- 
Hello @jobo124910, @mMontana,
The false detection is now removed in the current signature version.
Please update to version 2.1.1.20220511.0 and try again. Thank you.
James
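Added example, not part of the thread and not Zyxel's code: a Python triage helper that parses Anti-Malware log lines like the one in the original post and marks a hit as the known false positive only when the signature name, file name and a pre-fix signature version all match. The log layout is inferred from that single quoted line, and the function names and result labels are hypothetical.

```python
import re

# Layout inferred from the one log line quoted in the thread (an assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<src>\S+:\d+) "
    r"(?P<dst>.+?:\d+) (?P<level>\w+) (?P<category>[\w-]+) (?P<msg>.*)$")
FIELD_RE = re.compile(r"(\w+):(.*?)(?=\s+\w+:|$)")  # Key:Value pairs in the message

# From the thread: misfiring signature, affected file, release with the fix.
FP_SIGNATURE = "Wildcore.Virus.fb63d804"
FP_FILE = "ees_nt32.msi"
FIXED_IN = "2.1.1.20220511.0"

# The log line from the original post, plus one constructed line.
THREAD_LINE = ("2022-05-03 12:44:27 91.228.167.25:443 <ip address removed>:59285 "
               "warn anti-virus FILE DESTROY Virus infected SSI:Y "
               "Type:Anti-Malware Signature Virus:Wildcore.Virus.fb63d804 "
               "File:ees_nt32.msi Protocol:HTTP")
CONSTRUCTED_LINE = THREAD_LINE.replace("ees_nt32.msi", "invoice.msi")


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    msg = rec.pop("msg")
    first = FIELD_RE.search(msg)
    rec["action"] = (msg[:first.start()] if first else msg).strip()
    rec.update((k, v.strip()) for k, v in FIELD_RE.findall(msg))
    return rec


def version_key(version):
    return tuple(int(part) for part in version.split("."))


def triage(line, signature_version):
    """Classify a log line given the signature version the device was running."""
    rec = parse_line(line)
    if rec is None or "Virus" not in rec:
        return "not-a-detection"
    if (rec["Virus"], rec.get("File")) != (FP_SIGNATURE, FP_FILE):
        return "investigate"
    if version_key(signature_version) < version_key(FIXED_IN):
        # The file name is chosen by the sender, so treat this as a hint and
        # confirm the file's hash or publisher signature before allowing it.
        return "known-false-positive"
    return "investigate"  # the signature still fires after the fixed release
```

The same signature firing on a different file name, or on a device already running the fixed signature release, is returned as `investigate` rather than dismissed.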