Zyxel firewall categorizing Let's Encrypt CRL as malware
Freshman MemberI work at Let's Encrypt, a widely used Certificate Authority - including by some Zyxel websites like support.zyxel.eu.
We've received reports that our CRL (Certificate Revocation List) URL r10.c.lencr.org arise being categorized as malware by Zyxel firewalls. I am not familiar with Zyxel products, but I do see it shows as malware on the URL checker on https://threatintelligence.zyxel.com/checker
This is a false positive. Our other URLs like r11.c.lencr.org and e5.c.lencr.org are not flagged as malware. If there's a better place to report this, please let me know.
Accepted Solution
-
Hi @mattm
Yes, just like @Vagabound said, we are working on this issue. The adjustment might take few days. For users who encounter this issue, please add the URL to the allow list.
Zyxel Melen0
Zyxel Employee
All Replies
-
I've been watching this since yesterday afternoon, I have a USG Flex 200 and the log file is full of these messages:
104.18.21.213:80 alert url-threat-filter ACCESS BLOCK r10.c.lencr.org: Mlicious Sites, SSI:NI am sure that these are positive false alerts. Zyxel support will probably have to take action.
In an emergency, the URL can be whitelisted, but this is not a clean solution.0 -
Hi @mattm
Yes, just like @Vagabound said, we are working on this issue. The adjustment might take few days. For users who encounter this issue, please add the URL to the allow list.
Zyxel Melen0 -
Update:
The adjustment has been made.
Zyxel Melen0
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 176 Nebula Ideas
- 118 Nebula Status and Incidents
- 6.1K Security
- 428 USG FLEX H Series
- 298 Security Ideas
- 1.6K Switch
- 79 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 274 Service & License
- 422 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 89 Security Highlight
