USG Flex 200 -> Windows Update files Virus infected ??
All Replies
-
Dozens of alerts again this morning:
Message
1 2023-02-02 06:57:57 93.184.221.240:80
crit anti-virus FILE DESTROY
Virus infected SSI:N Type:Anti-Malware Cache Virus:Malicious Virus File:powershell-7.3.2-win-x64_70b4b049d70b8ace7ec828ea395f25d9927b2e Protocol:HTTP
0 -
Here is an excerpt from the SecuReporter:
0 -
Virus Hash: 927acfcba3f91bcf10264dde216d5ec9
0 -
It seems this is a never ending issue with Zyxel. Please refer to the other thread in this regard:We have finished the programming of our new USG Flex 700 right now and will set it into production service during the next days, replacing the old USG 110. Then we will see if anything has been improved in the meantime.
0 -
I had previously also a USG 110, but never had such problems as now with the USG Flex 200.
Let's hope that this improves in the future, have no desire to constantly evaluate the many alerts, there are other things you should do.
0 -
More times it happens...
More seems not a feature.0 -
Hi @Vagabound,
The hash 927acfcba3f91bcf10264dde216d5ec9 has been marked clean in cloud today.
please try it again.
We will come out a solution for this issue to minimize false positive case.
Before the solution is implement. please add Microsoft update IP into white list.
0 -
Zyxel_Cooldia said:...
Before the solution is implement. please add Microsoft update IP into white list.In October 22, in the above linked thread, I did report the following IP addresses where MS update packages should be retrieved from at that time:8.248.89.254:80 - Level 3 Parent LLC, US8.248.119.254:80 - Level 3 Parent LLC, US209.197.3.8:80 - StackPath LLC, US88.221.235.20:80 - Akamai Technologies Inc., US96.17.152.184:80 - Akamai Technologies Inc., USI guess it's not practical to add different MS IP addresses into a white list which could even changing on each patchday. But I'm not the expert in MS update procedures. From my point of view Zyxel should try to get in contact with MS to discover the process and find a general solution.0 -
I can only agree with this, I will be careful not to white list any IP address that I can't verify.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight