Anti-Malware False-positive or Real?

Options
135

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,083  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    https://community.zyxel.com/en/discussion/comment/51735#Comment_51735

    Hi @PhilippeBkk

    About the Threat Intelligence Machine Learning signature issue should be the same as this discussion, we can provide a date firmware to you for further verification, please share your firewall model name with us via private message. Thanks.

  • Marianne
    Marianne Posts: 2
    First Comment
    Options

    Hi Jeff

    We had a new incident today. Signatures of Anti-Malware are up-to-date.

    Log: Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.MSILHeracles.cf775202 File:d27fb4c1-da3c-4211-847d-5f4073c11532 Protocol:HTTP

    It happened on an ATP200, with Signature Version 2.1.1.20230508.0

    We have added the file pattern to the white list, but assume that also this pattern is from Windows Updates.

    Thanks an kind regards,

    Marianne

  • LucaPapaleo
    LucaPapaleo Posts: 12  Freshman Member
    First Anniversary 10 Comments
    Options

    It's not first time in which these files are founded as malware (windows update, windows defender, HP driver…).

    Usually the problem goes on for one or two days, but this time it's already too much time.

    Can we have a fix?

    Luca

  • Marcel68
    Marcel68 Posts: 1
    First Comment
    edited May 2023
    Options
    zy.png

    We have the same issue with a ATP500 with the latest pattern file installed 2.1.2.20230510.0. TCPview says ithe connection will be opend with teams.exe

  • LucaPapaleo
    LucaPapaleo Posts: 12  Freshman Member
    First Anniversary 10 Comments
    Options

    Hello, is it possible another false-positive, from all my firewalls??

         Virus infected SSI:N Type:Anti-Malware Signature Virus:Application.SystemInformer.2b5a37bd File:581a4d29-53d5-42b4-836c-b27b661b1382 Protocol:HTTP

    Luca

  • MassimoRiva
    MassimoRiva Posts: 8
    First Anniversary Nebula Gratitude First Comment
    Options

    wowww hi to everyone ….. it's starting again

    Immagine.jpg

  • Marianne
    Marianne Posts: 2
    First Comment
    Options

    Hi Luca

    I have the same issue with the message "Virus:Application.SystemInformer.2b5a37bd File:581a4d29-53d5-42b4-836c-b27b661b1382 Protocol:HTTP"

    Have you found out yet if the file can be added to the whitelist without concern?
    I have found not much on this file type…

    Thanks and kind regards,

    Marianne

  • LucaPapaleo
    LucaPapaleo Posts: 12  Freshman Member
    First Anniversary 10 Comments
    Options

    Hello Marianne,

    I haven't set any object in whitelist.

    I think that it has to be solved from signature update or otherwise we'll be create too many exclusion

    Waiting for signature…

    Luca

  • LucaPapaleo
    LucaPapaleo Posts: 12  Freshman Member
    First Anniversary 10 Comments
    Options

    Hello everyone,

    still this morning hundreds of alerts from all my firewall.

    Virus:Application.SystemInformer

    Please can you (Zyxel) give us a solution?

    Luca

    firmware.png
    signature.png

  • LukeCC
    LukeCC Posts: 3
    First Comment
    edited May 2023
    Options

    same here, ATP800 and 5-6 clients with this:

    Application.SystemInformer.2b5a37bd

    looking at the malware logs on the firewall and ip sources they allare public IPs associated to Level3 that usually is used as content delivery for microsoft updates or other updates. can you please confirm that?

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)