False malicious activities / windows update
All Replies
-
We are experiencing false positive A/V alerts for aspdotnet-runtimes and windowsdesktop-runtimes since months.But these A/V alerts are coming only once a month on MS patch day. Zyxel is already dealing with it, had access to our USG, and has tried to exclude the affected files from their signature hashes. Without success until now.Presently we're waiting for the August patch day ...0
-
Hi @USG_User,
"But these A/V alerts are coming only once a month on MS patch day. Zyxel is already dealing with it"
So did you have the ticket to deal with it ?
Kevin
0 -
Hi Kevin,
Please ask your colleague Zyxel_Cooldia. We are in contact in this regard since weeks.0 -
Dear Customers,
After investigation, the following two are false alarm,
Wildcore.Virus.4a4ec363
Gen.Variant.Barys.413913b9
which have been excluded in the latest signature version (20220731)
Kevin
0 -
got this one this morning on a client site with ATP800 >Gen.Variant.Barys.da651960seems like a variant of the false positive of 2 weeks ago...
0 -
Today MS is rolling out new Windows Updates and we immediately received different A/V Alerts for
- aspnetcore-runtime-3.1.28-win-x86
- aspnetcore-runtime-6.0.8-win-x86
- aspnetcore-runtime-6.0.8-win-x64
- windowsdesktop-runtime-6.0.8-win-x86
- windowsdesktop-runtime-6.0.8-win-x64
on different machines. Now this is gone for this month, and we expect the next A/V alert on next MS Windows Updates in next month.
0 -
Maybe someone at virus definition department should have more grip about Microsoft packages?0
-
so this means that if we have CDR set to BLOCK clients PCs if detetcs malware on them we have to expect clients PC to be blocked every month when microsoft releases new updates? I hope it's not like this,,,
0 -
Today MS is rolling out its Windows October updates and our USG110 is again reporting and blocking the following aspnetcore and windowsdesktop updates on different machines in our LAN. Once every month this happens again and again ...Affected files:aspnetcore-runtime-3.1.30-win-x86aspnetcore-runtime-6.0.10-win-x64windowsdesktop-runtime-3.1.30-win-x86The update packages should be retrieved from following internet addresses:8.248.89.254:80 - Level 3 Parent LLC, US8.248.119.254:80 - Level 3 Parent LLC, US209.197.3.8:80 - StackPath LLC, US88.221.235.20:80 - Akamai Technologies Inc., US96.17.152.184:80 - Akamai Technologies Inc., US
Does anybody know whether these addresses are MS mirror addresses where client systems are downloading update packages from?
0 -
Unfortunately, we can confirm the same happens to our customers running ATP500, ATP200 and ATP700. Still have to confirm ATP100, but I fear we'll see email notifications soon.0
Master Member
Zyxel Employee
Freshman Member
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 238 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
