Anti-Malware False-positive or Real?

135

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,250  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @PhilippeBkk

    About the Threat Intelligence Machine Learning signature issue should be the same as this discussion, we can provide a date firmware to you for further verification, please share your firewall model name with us via private message. Thanks.


    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Marianne
    Marianne Posts: 2
    First Comment

    Hi Jeff

    We had a new incident today. Signatures of Anti-Malware are up-to-date.

    Log: Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:d27fb4c1-da3c-4211-847d-5f4073c11532 Protocol:HTTP

    It happened on an ATP200, with Signature Version 2.1.1.20230508.0

    We have added the file pattern to the white list, but assume that also this pattern is from Windows Updates.

    Thanks an kind regards,

    Marianne

  • LucaPapaleo
    LucaPapaleo Posts: 13  Freshman Member
    Network Detective-New Adventure Badge First Comment Seventh Anniversary

    It's not first time in which these files are founded as malware (windows update, windows defender, HP driver…).

    Usually the problem goes on for one or two days, but this time it's already too much time.

    Can we have a fix?

    Luca

  • Marcel68
    Marcel68 Posts: 1
    First Comment
    edited May 2023

    We have the same issue with a ATP500 with the latest pattern file installed 2.1.2.20230510.0. TCPview says ithe connection will be opend with teams.exe

  • LucaPapaleo
    LucaPapaleo Posts: 13  Freshman Member
    Network Detective-New Adventure Badge First Comment Seventh Anniversary

    Hello, is it possible another false-positive, from all my firewalls??

         Virus infected SSI:N Type:Anti-Malware Signature Virus:Application.SystemInformer.2b5a37bd File:581a4d29-53d5-42b4-836c-b27b661b1382 Protocol:HTTP

    Luca

  • MassimoRiva
    MassimoRiva Posts: 11  Freshman Member
    First Comment Nebula Gratitude Fifth Anniversary

    wowww hi to everyone ….. it's starting again

  • Marianne
    Marianne Posts: 2
    First Comment

    Hi Luca

    I have the same issue with the message "Virus:Application.SystemInformer.2b5a37bd File:581a4d29-53d5-42b4-836c-b27b661b1382 Protocol:HTTP"

    Have you found out yet if the file can be added to the whitelist without concern?
    I have found not much on this file type…

    Thanks and kind regards,

    Marianne

  • LucaPapaleo
    LucaPapaleo Posts: 13  Freshman Member
    Network Detective-New Adventure Badge First Comment Seventh Anniversary

    Hello Marianne,

    I haven't set any object in whitelist.

    I think that it has to be solved from signature update or otherwise we'll be create too many exclusion

    Waiting for signature…

    Luca

  • LucaPapaleo
    LucaPapaleo Posts: 13  Freshman Member
    Network Detective-New Adventure Badge First Comment Seventh Anniversary

    Hello everyone,

    still this morning hundreds of alerts from all my firewall.

    Virus:Application.SystemInformer

    Please can you (Zyxel) give us a solution?

    Luca

  • LukeCC
    LukeCC Posts: 3
    First Comment
    edited May 2023

    same here, ATP800 and 5-6 clients with this:

    Application.SystemInformer.2b5a37bd

    looking at the malware logs on the firewall and ip sources they allare public IPs associated to Level3 that usually is used as content delivery for microsoft updates or other updates. can you please confirm that?

Security Highlight