Anti-Malware False-positive or Real?
All Replies
-
Hi @PhilippeBkk
The Threat Intelligence Machine Learning signature issue should be the same as in this discussion. We can provide a date firmware to you for further verification; please share your firewall model name with us via private message. Thanks.
0 -
Hi Jeff
We had a new incident today. Signatures of Anti-Malware are up-to-date.
Log: Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:d27fb4c1-da3c-4211-847d-5f4073c11532 Protocol:HTTP
It happened on an ATP200, with Signature Version 2.1.1.20230508.0
We have added the file pattern to the white list, but assume that this pattern is also from Windows Updates.
Thanks and kind regards,
Marianne
0 -
It's not the first time that these files are found as malware (Windows Update, Windows Defender, HP driver…).
Usually the problem goes on for one or two days, but this time it has already gone on too long.
Can we have a fix?
Luca
0 -
We have the same issue with an ATP500 with the latest pattern file installed, 2.1.2.20230510.0. TCPView says the connection will be opened with teams.exe
0 -
Hello, is it possibly another false positive, from all my firewalls?
Virus infected SSI:N Type:Anti-Malware Signature Virus:Application.SystemInformer.2b5a37bd File:581a4d29-53d5-42b4-836c-b27b661b1382 Protocol:HTTP
Luca
0 -
wowww hi to everyone ….. it's starting again
0 -
Hi Luca
I have the same issue with the message "Virus:Application.SystemInformer.2b5a37bd File:581a4d29-53d5-42b4-836c-b27b661b1382 Protocol:HTTP"
Have you found out yet if the file can be added to the whitelist without concern?
I have not found much on this file type…
Thanks and kind regards,
Marianne
0 -
Hello Marianne,
I haven't set any object in the whitelist.
I think that it has to be solved by a signature update, otherwise we'll be creating too many exclusions.
Waiting for signature…
Luca
0 -
Hello everyone,
Still this morning, hundreds of alerts from all my firewalls.
Virus:Application.SystemInformer
Please can you (Zyxel) give us a solution?
Luca
0 -
same here, ATP800 and 5-6 clients with this:
Application.SystemInformer.2b5a37bd
Looking at the malware logs on the firewall and the IP sources, they all are public IPs associated with Level3, which is usually used as content delivery for Microsoft updates or other updates. Can you please confirm that?
0
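An added example (not from any poster or from Zyxel): a small triage script that parses log lines in the format quoted in this thread and groups them by signature and file across devices, showing which detections fire on many firewalls at once. The device labels and the family/variant split of the signature name are assumptions.

```python
import re
from collections import defaultdict

# Field layout copied from the log lines quoted in the thread.
LOG_RE = re.compile(
    r"Virus infected SSI:(?P<ssi>\S+) Type:(?P<type>.+?) "
    r"Virus:(?P<virus>\S+) File:(?P<file>\S+) Protocol:(?P<proto>\S+)"
)

def parse(line):
    """Return the fields of one anti-malware log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    # Assumption: the last dot-separated token is a variant id, the rest the family.
    rec["family"], _, rec["variant"] = rec["virus"].rpartition(".")
    return rec

def summarize(events):
    """Group (device, line) pairs by (signature, file); count hits and distinct devices."""
    groups = defaultdict(lambda: {"hits": 0, "devices": set()})
    for device, line in events:
        rec = parse(line)
        if rec is None:
            continue  # not an anti-malware detection line
        g = groups[(rec["virus"], rec["file"])]
        g["hits"] += 1
        g["devices"].add(device)
    return groups

def widespread(groups, min_devices=3):
    """(signature, file) pairs seen on at least min_devices devices, most hits first."""
    keep = [(k, g) for k, g in groups.items() if len(g["devices"]) >= min_devices]
    return [k for k, g in sorted(keep, key=lambda kg: -kg[1]["hits"])]

# Constructed sample: device labels are made up; the message text follows the thread.
SI = ("Virus infected SSI:N Type:Anti-Malware Signature "
      "Virus:Application.SystemInformer.2b5a37bd "
      "File:581a4d29-53d5-42b4-836c-b27b661b1382 Protocol:HTTP")
HE = ("Virus infected SSI:N Type:Anti-Malware Signature "
      "Virus:Gen.Variant.MSILHeracles.cf775202 "
      "File:d27fb4c1-da3c-4211-847d-5f4073c11532 Protocol:HTTP")
SAMPLE = [("fw-a", SI), ("fw-b", SI), ("fw-c", SI), ("fw-a", SI),
          ("fw-b", HE), ("fw-c", "User admin logged in")]

if __name__ == "__main__":
    groups = summarize(SAMPLE)
    for key in widespread(groups):
        print(key, groups[key]["hits"], "hits on", len(groups[key]["devices"]), "devices")
```

A signature and file pair that appears on many devices in the same period is a candidate for a signature-level false positive to report to the vendor; the grouping alone does not establish that the file is benign.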