Getting pummelled by CDR reports of MSILHeracles download attempts from several of my ATPs
It appears to be an old issue that happened in 2022 too, if these are indeed false positives.
I can't quite tell if it's a false positive though. The two files I've seen it block are:
AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6
and
ccdeecee-9152-46a2-a8ca-5e4458eb35a5
These look like Windows Update files, but the IP addresses are not things I necessarily recognize.
Anyone else seeing this?
All Replies
-
Hi @ChipConnJohn ,
Greetings Forum, please kindly collect the below information and send it to me by private message.
(1). The detected file (if you have)
(2). Collect the bdsyslog.zip file on their PC:
STEP1. Download the BDSysLog_i.exe file:
https://download.bitdefender.com/supporttools/bdsyslog/v2/BDSysLog_i.exe
STEP2. Collect the bdsyslog file for us:
https://www.bitdefender.com/consumer/support/answer/1922/
Thank you
0 -
Hello,
The firewall is blocking attempts to download these files and I don't see any place the firewall is holding the files in quarantine. Not sure how to get a copy of the files at that point.
I have SentinelOne and BlackPoint running on every machine that is triggering the download. I've done scans of those machines using S1 and nothing has been found.
Do you have a sandbox environment you can download these files to?
0 -
I had the same message ATP100.
It ends when I uninstalled HP printer update program.
0 -
We have the same problem.
It looks like the updates are coming from users who have HP printers at home, and the software is installed when they work from home with the printer.
When they are back at the office the messages start to pop up.
Uninstalling the HP update program might work, but I try to keep the workstations up-to-date, so uninstalling the update program is not the first solution on my list. It is on multiple versions of the HPPrinterControl software:
- Gen.Variant.MSILHeracles.cf775202 ⇒ AD2F1837.HPPrinterControl_144.1.1068.0_neutral_~_v10z8vjag6ke6
- Gen.Variant.MSILHeracles.da651960 ⇒ AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6
It's not possible to whitelist the "malware" because there is no hash.
Creating a filter on the emails isn't an option because the mail itself only shows the client information, and not the detection itself.
An update to solve this would be nice.
0 -
This is not a real solution, but it is a temporary solution:
Add an entry to the Allow list of Anti-Malware using "file-pattern" like this: AD2F1837.HPPrinterControl*
Has worked for me.
1 -
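As an added example (not from the thread and not Zyxel's or Bitdefender's code): a small Python triage script that parses the blocked filenames as Windows app package full names (Name_Version_Architecture_ResourceId_PublisherId) and shows what the file-pattern AD2F1837.HPPrinterControl* covers, assuming the Allow list pattern behaves as a plain case-insensitive glob. Because the glob alone matches any name that merely starts with that prefix, the script only returns "allow" when the name also parses as a package identity from the expected publisher prefix; the sample inputs are constructed from the names quoted in this thread plus one lookalike.

```python
import fnmatch
import re

# Windows app package full name: Name_Version_Architecture_ResourceId_PublisherId.
# Assumption: the blocked names in the thread are MSIX/AppX package full names; "~" is an
# empty ResourceId and the PublisherId is a 13-character Crockford base32 hash.
PACKAGE_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9]+\.[A-Za-z0-9.]+)_"
    r"(?P<version>\d+\.\d+\.\d+\.\d+)_"
    r"(?P<arch>x86|x64|arm|arm64|neutral)_"
    r"(?P<resource>[^_]*)_"
    r"(?P<publisher>[0-9a-hjkmnp-tv-z]{13})$"
)

# Constructed sample: the two names quoted in the thread, the GUID-style name from the
# opening post, and one non-package filename that merely shares the HP prefix.
SAMPLES = [
    "AD2F1837.HPPrinterControl_144.1.1068.0_neutral_~_v10z8vjag6ke6",
    "AD2F1837.HPPrinterControl_145.1.1083.0_neutral_~_v10z8vjag6ke6",
    "ccdeecee-9152-46a2-a8ca-5e4458eb35a5",
    "AD2F1837.HPPrinterControl_setup.exe",
]


def parse_package_full_name(filename):
    """Return the package identity fields, or None if the name is not a package full name."""
    m = PACKAGE_RE.match(filename)
    return m.groupdict() if m else None


def allowed_by_pattern(filename, pattern):
    """Case-insensitive glob match; assumed to mirror the Allow list 'file-pattern' semantics."""
    return fnmatch.fnmatch(filename.lower(), pattern.lower())


def triage(filename, pattern="AD2F1837.HPPrinterControl*", publisher_prefix="AD2F1837"):
    """'allow' only when the glob matches AND the name parses as a package whose name starts
    with the expected publisher prefix; anything else is 'review' (send to vendor/sandbox)."""
    fields = parse_package_full_name(filename)
    is_expected = bool(fields) and fields["name"].split(".", 1)[0] == publisher_prefix
    if is_expected and allowed_by_pattern(filename, pattern):
        return "allow", fields
    return "review", fields


if __name__ == "__main__":
    for name in SAMPLES:
        verdict, fields = triage(name)
        glob_hit = allowed_by_pattern(name, "AD2F1837.HPPrinterControl*")
        version = fields["version"] if fields else "-"
        print(f"{verdict:6} glob={glob_hit!s:5} version={version:12} {name}")
```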
This has been reported in several threads for more than one week, but ZYXEL people still cannot tell what to do, nor can they say if it is a false positive.
0 -
Hi @ChipConnJohn @OTADMIN , @MBS
It is fine, please kindly provide the below information for us. Thank you
STEP1. Download the BDSysLog_i.exe file:
https://download.bitdefender.com/supporttools/bdsyslog/v2/BDSysLog_i.exe
STEP2. Collect the bdsyslog file for us:
https://www.bitdefender.com/consumer/support/answer/1922/
Thank you
0 -
@Zyxel_Kevin,
I have a Bitdefender log from a machine that was being flagged as trying to download malware while I was running the Bitdefender tool. I think this should give you what you need. How do I get the log file to you?
0 -
Hi @ChipConnJohn ,
We will remove signatures in next anti-malware package.
Please kindly check if the issue happens again. Thank you
0 -
Hello, without a firmware update? Just the signature?
Luca
0