USG Flex 200 -> Windows Update files Virus infected ??

Vagabound
Vagabound Posts: 30  Freshman Member
During today's Windows Patchday the following alerts were issued:
Log message: Crit -> anti-virus -> FILE DESTROY -> Virus infected SSI:N Type:Anti-Malware Cache Virus:Malicious Virus File: aspnetcore-runtime-6.0.13-win-x64_96394443f8267732e9285722d6085 Protocol: HTTP.

Is it possible that Windows Update files contain a virus?
That's rather unlikely, isn't it?

Could Zyxel check this?

All Replies

  • mMontana
    mMontana Posts: 1,389  Guru Member
    I'd vote for a false positive.
    Not the first time unfortunately, and I hope that this kind of occurrence won't happen again for real.
  • Vagabound
    Vagabound Posts: 30  Freshman Member
    Exactly, I seem to remember that this was already the case on the December 2022 patchday, unfortunately. But maybe Zyxel can tell us more about it.

  • mMontana
    mMontana Posts: 1,389  Guru Member
    I'd like that. I won't put much hope in a "preemptive" solution for February.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Hi @Vagabound,

    We are working on it and will keep you updated.
  • Vagabound
    Vagabound Posts: 30  Freshman Member
    Thank you for your feedback. Then we hope for the February patchday ;)

  • mMontana
    mMontana Posts: 1,389  Guru Member
    We are working on it and will keep you updated.

    Zyxel does not have access to a preview of the updates? Can it act only after Microsoft releases them?
  • Vagabound
    Vagabound Posts: 30  Freshman Member
    Zyxel could communicate with Microsoft and get the files in advance.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Hi @Vagabound,

    We have marked both file hashes as clean in the cloud. Please reboot the firewall to flush the local cache and verify again. Thanks.
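As an added example (not code from the thread or from Zyxel), the following Python triage helper parses anti-virus alert lines in the format quoted at the top of the thread and separates vendor-confirmed false positives from verdicts that still need a look. The allowlist, the helper names and the second log line are constructed for illustration; "Cache" in the Type field is read as the verdict having come from the firewall's local cache, which is why a flush is still needed after the cloud correction.

```python
import re

# Field layout of the alert as quoted in the thread:
#   <severity> -> <category> -> <action> -> <message> SSI:<x> Type:<type>
#   Virus:<name> File: <file> Protocol: <proto>
PATTERN = re.compile(
    r"^(?P<severity>\w+) -> (?P<category>[\w-]+) -> (?P<action>[A-Z ]+) -> "
    r"(?P<message>.+?) SSI:(?P<ssi>\w) Type:(?P<type>.+?) Virus:(?P<virus>.+?) "
    r"File: (?P<file>\S+) Protocol: (?P<protocol>\w+)\.?\s*$"
)

# Constructed sample log: line 1 is the alert from the thread (hash suffix
# truncated as quoted there); line 2 is a constructed alert for a file that
# nobody has confirmed as clean.
SAMPLE_LOG = """\
Crit -> anti-virus -> FILE DESTROY -> Virus infected SSI:N Type:Anti-Malware Cache Virus:Malicious Virus File: aspnetcore-runtime-6.0.13-win-x64_96394443f8267732e9285722d6085 Protocol: HTTP
Crit -> anti-virus -> FILE DESTROY -> Virus infected SSI:N Type:Anti-Malware Cache Virus:Malicious Virus File: unknown-installer.exe Protocol: HTTP
"""

# Constructed allowlist: file names the vendor has confirmed as false positives.
KNOWN_FALSE_POSITIVES = {
    "aspnetcore-runtime-6.0.13-win-x64_96394443f8267732e9285722d6085",
}


def parse_av_log(line):
    """Split one alert line into named fields; None if the line does not match."""
    m = PATTERN.match(line.strip())
    return m.groupdict() if m else None


def triage(entry, allowlist=KNOWN_FALSE_POSITIVES):
    """Classify a parsed alert. A confirmed-clean file whose verdict still came
    from the local cache means the cache has not been flushed yet."""
    if entry["file"] in allowlist:
        return "false_positive_cached" if "Cache" in entry["type"] else "false_positive"
    return "investigate"


def triage_log(text, allowlist=KNOWN_FALSE_POSITIVES):
    """Return (verdict, file-or-raw-line) for every non-empty line of a log."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_av_log(line)
        if entry is None:
            results.append(("unparsed", line))
        else:
            results.append((triage(entry, allowlist), entry["file"]))
    return results
```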
  • Vagabound
    Vagabound Posts: 30  Freshman Member
    Thank you for your cooperation.
    The firewall is restarted daily, so the local cache should be empty now.
    We can only test the whole thing on the February patchday, because all our systems are already updated; we will know more then.

  • Vagabound
    Vagabound Posts: 30  Freshman Member
    I was able to update a PC today and it worked fine without any alerts in the logfile. =)
    Let's see how it looks on the February patchday.
