wsusoffline triggers a trojan (false positive I assume)

Posted: 16.05.2017, 14:41
by lovingwsusoffline
When we download the file wsusoffline1092.zip from this site, the SonicWall firewall Gateway antivirus triggers the following virus alert and blocks the download:
"Filecoder_Philadelphia.RN (Trojan)"

When I temporarily disable gateway antivirus protection to download it and then try to run it, Trend Micro quarantines it with the virus status of: Suspici.B05CB702

I uploaded wsusoffline1092.zip to VirusTotal and it gets some matches:
https://www.virustotal.com/en/file/8049 ... 494941627/


I assume these are false positives but just letting you know in case you were not aware.

Thanks!

Re: wsusoffline triggers a trojan (false positive I assume)

Posted: 16.05.2017, 14:59
by Dalai
We are aware of it, and there are already reports like this in the forum. The false alarms are triggered by the compression used after the compilation of the AutoIt scripts UpdateGenerator and UpdateInstaller. I already suggested to not use the compression anymore to avoid false positives like this.

Regards
Dalai

Re: wsusoffline triggers a trojan (false positive I assume)

Posted: 16.05.2017, 15:02
by lovingwsusoffline
Yes, sorry, I saw a similar post below. I've submitted a case to both SonicWall and Trend Micro too, but it usually takes a while for them to reply and update the definitions.

Re: wsusoffline triggers a trojan (false positive I assume)

Posted: 23.05.2017, 09:32
by WSUSUpdateAdmin