MarcoLuvisi — Zyxel Community

Comments

well this is a vulnerability issue and not an issue that affects other minor functions of the device so I really hope ZYXEL will produce an official release that includes its fix in it

in ZLD V4.72 WK28 Firmware release Comment by MarcoLuvisi August 2022
same question here. when will 4.73 official available?

in ZLD V4.72 WK28 Firmware release Comment by MarcoLuvisi August 2022
so this means that if we have CDR set to BLOCK clients PCs if detetcs malware on them we have to expect clients PC to be blocked every month when microsoft releases new updates? I hope it's not like this,,,

in False malicious activities / windows update Comment by MarcoLuvisi August 2022
got this one this morning on a client site with ATP800 > Gen.Variant.Barys.da651960 seems like a variant of the false positive of 2 weeks ago...

in False malicious activities / windows update Comment by MarcoLuvisi August 2022
also this one sometimes (as reported by user Gianmarco who opened the thread) Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.Barys.413913b9 File:AD2F1837.HPPrinterControl_137.1.291.0_neutral_~_v10z8vjag6ke6.M Protocol:HTTP

in False malicious activities / windows update Comment by MarcoLuvisi July 2022
Virus infected SSI:N Type:Anti-Malware Signature Virus:Wildcore.Virus.4a4ec363 File:6313b3e0-e981-4721-898b-52b5cd56c894 Protocol:HTTP [count=7]

in False malicious activities / windows update Comment by MarcoLuvisi July 2022
it is not stopped..it is happening again even after latest signatures released yesterday night: 2.1.3.20220727.0

in False malicious activities / windows update Comment by MarcoLuvisi July 2022
Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.Barys.413913b9 File:Microsoft.MicrosoftOfficeHub_18.2205.1091.0_neutral_~_8wekyb3d8 Protocol:HTTP [count=8] something also related to office updates or similar (MicrosoftOfficeHub)

in False malicious activities / windows update Comment by MarcoLuvisi July 2022
it comes from various PC clients on the network but the fact that the IP is the same makes me thinkk it is skype update as indicated by previous emails

in False malicious activities / windows update Comment by MarcoLuvisi July 2022
Virus infected SSI:N Type:Anti-Malware Signature Virus:Gen.Variant.Barys.413913b9 File:35ab3bed-e32b-4bd1-9d46-ca69e91c7726 Protocol:HTTP source external ip is 209.197.3.8 that seems to be used by microsoft for CDN (updates and similar) IP is the same of the one that is found for the Wildcore signature

in False malicious activities / windows update Comment by MarcoLuvisi July 2022
i know that I can add it to the whitelist but I would avoid to add things to whitelist. if a real attack-variant of Gen.Variant.Barys.413913b9 happens it would pass through the network without any block

in False malicious activities / windows update Comment by MarcoLuvisi July 2022
just updated the signature this morning and now the Gen.Variant.MSILHeracles.d9848e25 has stopped but now we have this new one: Gen.Variant.Barys.413913b9 and we still have this one: Wildcore.Virus.4a4ec363 Virus infected SSI:N Type:Anti-Malware Signature Virus:Wildcore.Virus.4a4ec363…

in False malicious activities / windows update Comment by MarcoLuvisi July 2022

EnglishTiếng ViệtРусскийไทย中文（台灣）