False malicious activities / windows update
Hi, one of my customers received two alerts "Collaborative Detect & Response found malicious activities"
Checking the details, they look like Windows Updates, coming from a Redmond IP.
Checking the details, they look like Windows Updates, coming from a Redmond IP.
13.107.12.50 80 192.168.xxxxx 50884 FILE DESTROY unknown Gen.Variant.MSILHeracles.d9848e25 AD2F1837.HPPrinterControl_137.1.291.0_neutral_~_v10z8vjag6ke6.M
13.107.4.50 80 192.168.xxxxx 50859 FILE DESTROY unknown Wildcore.Virus.4a4ec363 Microsoft.SkypeApp_15.86.3409.0_neutral_~_kzf8qxf38zg5c.Msixbun
FIREWALL FW-ATP700 / Nebula Managed.
firmware V5.30(ABTJ.0)
AntiMalware Signature Information
FIREWALL FW-ATP700 / Nebula Managed.
firmware V5.30(ABTJ.0)
AntiMalware Signature Information
Current Version:
2.1.3.20220724.0
Released Date:
2022-07-24 19:46 (UTC+02:00)
1
All Replies
-
it's happening to my customers with ATP 200/500 too
0 -
Same here , on a fresh windows 10 installation running windows update.0
-
Yes, I also receive many alertsi think i will deactivate the CDR0
-
the problem is that the CDR makes a DESTROY FILEand this could in my opinion create problems for microsoft update0
-
I write to Zyxel support and they told me it is skype updatehave reported the problem to the antimalware manufacturer0
-
I have issue before. But I noticed that log does not happen anymore.I have signature version 2.1.3.20220725.0 .Do you all still have the issue after install latest signature?0
-
-
just updated the signature this morning and now the Gen.Variant.MSILHeracles.d9848e25 has stopped but now we have this new one:Gen.Variant.Barys.413913b9and we still have this one:Wildcore.Virus.4a4ec363Virus infected SSI:N Type:Anti-Malware Signature Virus:Wildcore.Virus.4a4ec363 File:Microsoft.SkypeApp_15.86.3409.0_neutral_~_kzf8qxf38zg5c.Mssignature now is: 2.1.3.20220726.0
is this going to be fixed with the next signature update? these issues happened already 2-3 times to our clients with ATP and CDR enabled (and to be conservative we usually configure CDR-Malware detection to BLOCK clients network communication so when this happens clients' PC are blocked and cannot work). please fix these issues or change malware definitions manufacturer cause clients' trust into Zyxel products is falling down due to that and various vulnerabilities that are continuosly discovered
0 -
Hi @MarcoLuvisi,The Virus signature "Wildcore.Virus.4a4ec363" will be removed in the next signature version.For the virus "Gen.Variant.Barys.413913b9" . You can add the whilelist for it if it impact the service.And provide the entire packets for us when you try to reproduce it. Thank you
Kevin0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 238 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight