False malicious activities / windows update
All Replies
Unfortunately we have the same problems. Is there anybody at Zyxel who can solve these issues? We have tons of these records.

Hi @Doppelnet,
Do you know what kind of behavior triggers it?
Also, please kindly share the exact virus name with us.
Thank you
Kevin

Same problem visible on SecuReporter

Hi @aemf,
Do you know what kind of behavior triggers it?
And please kindly provide the virus name. Thank you
Kevin

Hi Kevin,

For completion and to keep this concern alive ...: On 28 October one colleague started their computer after a few days off. When Windows started its automatic update procedure, the following virus alert was announced by our USG110 again:

2022-10-28 10:16:54, 93.184.221.240:80, 192.168.51.12:51745, crit, anti-virus, FILE DESTROY,wan1, vlan51, tcp, Virus infected Rule_id=6 SSI=N Virus=Malicious Virus File=aspnetcore-runtime-3.1.30-win-x86_700b1cf039d7c1a853df94d9ca0e0 Protocol=HTTP

Regarding your question ... the automatic (or manually forced) update process of Windows has always caused this USG behaviour. Normally on the monthly Windows Patch Day, or when a machine which was not running during the MS patch day is switched on subsequently.

We do not have any other virus name information. From month to month only the version number of the aspnetcore-runtime or windowsdesktop-runtime is changing.

Hi @USG_User,
Do you have the file hash?
We are checking on it. I will update the ticket if I have any news.
Thanks for your patience.
Kevin

Hi Kevin,

the same happens here on USG 500 flex. In fact, it happens every patch day for the last couple of months - which is quite annoying as it generates a load of alerts.

For the current patch day, I'm copying the virus name and filename below:

dotnet-runtime-6.0.11-win-x64_3504dfca92911ac7449dcb292a33b75f8
Malicious Virus (detected by Anti-Malware Cache)

windowsdesktop-runtime-6.0.11-win-x86_5f7938428f80f9dd0c7660379
Malicious Virus (detected by Anti-Malware Cache)

Unfortunately, the USG report does not link the filename to a hash, but the following two hashes belong to the files mentioned above:

2C8B9429D84440193D99F224C2E95D288BFD60737588F839346D71E2B7D41277

Hope you can find a permanent solution soon.
Good luck!

Zyxel_Kevin said:
Hi @USG_User,
Do you have the file hash?
We are checking on it. I will update the ticket if I have any news.
Thanks for your patience.
Kevin

What file hashes do you mean and where should I get them from? I've got only the entries extracted from the system log, as provided at different times in the past. Please advise.

You could check Monitor --> Security Statistics --> Anti-Malware --> Hash values in the table. As I mentioned, unfortunately, there is no direct linkage to the alert from the system log.
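
A triage sketch for the log format quoted in this thread, added here as an example (not code from Zyxel or from any poster): it parses USG anti-virus lines and separates alerts whose file name follows the .NET runtime naming reported above from all other alerts. The second sample line, the regular expressions and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# First entry is the USG110 event quoted in the thread; the second is constructed.
SAMPLE_LOG = [
    "2022-10-28 10:16:54, 93.184.221.240:80, 192.168.51.12:51745, crit, anti-virus, "
    "FILE DESTROY,wan1, vlan51, tcp, Virus infected Rule_id=6 SSI=N Virus=Malicious Virus "
    "File=aspnetcore-runtime-3.1.30-win-x86_700b1cf039d7c1a853df94d9ca0e0 Protocol=HTTP",
    "2022-10-28 11:02:10, 198.51.100.7:80, 192.168.51.30:50211, crit, anti-virus, "
    "FILE DESTROY,wan1, vlan51, tcp, Virus infected Rule_id=6 SSI=N Virus=Malicious Virus "
    "File=invoice_2022.exe Protocol=HTTP",
]

# Field layout assumed from the single log line shown in the thread.
EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (?P<src>[\d.]+):(?P<sport>\d+), "
    r"(?P<dst>[\d.]+):\d+, .*?Virus=(?P<virus>.+?) File=(?P<file>\S+) Protocol=(?P<proto>\S+)$"
)
# File naming seen in the thread: <product>-runtime-<version>-win-<arch>_<hex>
RUNTIME = re.compile(
    r"^(?P<product>aspnetcore|dotnet|windowsdesktop)-runtime-"
    r"(?P<version>\d+\.\d+\.\d+)-win-(?P<arch>x86|x64)_[0-9a-f]+$"
)

def parse_event(line):
    """Return the alert fields as a dict, or None if the line is not an AV event."""
    m = EVENT.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    rt = RUNTIME.match(ev["file"])
    ev["runtime"] = rt.groupdict() if rt else None
    return ev

def triage(lines):
    """Split alerts into .NET-runtime-named candidates and everything else."""
    # A name match is only a triage hint: the name comes from plain-HTTP traffic, so
    # confirm the file hash (Monitor > Security Statistics > Anti-Malware, as noted
    # in the thread) before treating an alert as a false positive.
    candidates, other = [], []
    for ev in filter(None, map(parse_event, lines)):
        (candidates if ev["runtime"] else other).append(ev)
    return candidates, other

def summarize(candidates):
    # Count candidate alerts per (product, version) to expose the patch-day burst.
    return Counter((e["runtime"]["product"], e["runtime"]["version"]) for e in candidates)

if __name__ == "__main__":
    cand, other = triage(SAMPLE_LOG)
    print(dict(summarize(cand)), [e["file"] for e in other])
```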