Comments
-
Thanks @Zyxel_James. I think the worry comes from the fact that not only is a log entry generated (which is fine), but an alarm is also raised and an alert email is sent out immediately. We receive a lot of alarm emails from our systems due to "Abnormal TCP flag attack" - more serious issues can be overlooked in this situation.…
-
Any update on this? We experience the same on some devices. Any countermeasures?
-
Hi @Zyxel_Kevin, unfortunately, the issue is still prevalent on our USG 500 flex. False positives still happen every month on MS patch day! It often involves some kind of dotnet-runtime file; today it was the update KB5023288. The hash is 28F846B09CB2CFE30ADDFC2731853AF9. You really should look at this - adding files to…
-
@Zyxel_Kevin Thank you for updating the signatures, hits have stopped now. But we need to keep this open at least until the next MS patch day. Let's hope for a permanent solution.
-
OK, I see. We have an additional column in our 500 flex devices. But otherwise, the same: We get hundreds of hits on every patch day. Interestingly, the alerts stop after a while - not sure if Zyxel is updating signatures or why. I'm just wondering why there is no more talk about this issue. One would assume that many…
-
OK, I see. We have an additional column in our 500 flex. I hope @Zyxel_Kevin can advise. The problem has been going on for a while now.
-
You could check monitor --> security statistics --> anti-malware --> Hash values in the table. As I mentioned, unfortunately, there is no direct linkage to the alert from the system log.
-
Hi Kevin, the same happens here on USG 500 flex. In fact, it has happened every patch day for the last couple of months - which is quite annoying as it generates a load of alerts. For the current patch day, I'm copying the virus name and filename below: dotnet-runtime-6.0.11-win-x64_3504dfca92911ac7449dcb292a33b75f8Malicious…