ATP100 - false/positive McAfee/Trellix amupdate.exe
Hi,
Today a customer sent me about 500 emails generated by the ATP100 CDR feature stating that malware was detected.
The logs showed that amupdate.exe was detected as malware.
amupdate.exe belongs to McAfee/Trellix Endpoint Security Software.
Here is the Hash of the detection: 7C32EC1E282EFF6530D0DE979687537E
This was an issue some weeks (or months) ago.
Please update the Anti-Malware signatures to not detect this as malware.
Thanks.
All Replies
Hello @e_mano_e,
Thanks for your feedback.
Since I cannot reproduce this problem, could you provide the information below?
1. The complete message of the log
2. A screenshot of Anti-Malware Statistics (Monitor > Security Statistics > Anti-Malware).
3. Anti-Malware signature
4. amupdate.exe download link. (I downloaded amupdate.exe from https://www.pconlife.com/viewfileinfo/amupdate-exe/, but Anti-Malware didn't detect anything.)
Thanks,
James
Hello, I've got the same problem on 2 different customers with Flex 200. Each Trellix client that makes an update is blocked by Zywall: CDR malware detected.
Hi @Eneplaz,
Thanks for your feedback.
Could you provide more information as I mentioned previously?
James
@Zyxel_James
1. The complete message of the log
Sorry. The log is already cleared. It seems that the ATP100 log space is a bit small.
2. A screenshot of Anti-Malware Statistics (Monitor > Security Statistics > Anti-Malware).
It would also be helpful if this screen showed a) the virus name and b) which file the virus and hash belong to. Currently I only see a hash value, but without the logs I do not know which malicious file it belongs to.
3. Anti-Malware signature
4. amupdate.exe download link. (I downloaded amupdate.exe from https://www.pconlife.com/viewfileinfo/amupdate-exe/, but Anti-Malware didn't detect anything.)
I do not know the download link. The Endpoint Security Autoupdater does this in the background.
We're checking; I will get back to you when there is any progress or if we need anything. Please wait patiently, thank you.
However, I cannot reproduce this false positive. I downloaded amupdate.exe and it didn't detect anything. Could you provide reproduction steps? Are you blocked during an update or download? Thank you.
James
<<Are you blocked during an update or download?>>
Normal update that Trellix does periodically in the background.