wsusoffline triggers a trojan (false positive I assume)

Post by lovingwsusoffline » 16.05.2017, 14:41

When we download the file wsusoffline1092.zip from this site, the Sonicwall firewall Gateway antivirus triggers the following virus alert and blocks the download:
"Filecoder_Philadelphia.RN (Trojan)"

When I temporarily disable gateway antivirus protection to download it and then try to run it, Trend Micro quarantines it with the virus status of: Suspici.B05CB702

I uploaded wsusoffline1092.zip to VirusTotal and it gets some matches:
https://www.virustotal.com/en/file/8049 ... 494941627/


I assume these are false positives but just letting you know in case you were not aware.

Thanks!
lovingwsusoffline
 

Re: wsusoffline triggers a trojan (false positive I assume)

Post by Dalai » 16.05.2017, 14:59

We are aware of it, and there are already reports like this in the forum. The false alarms are triggered by the compression used after the compilation of the AutoIt scripts UpdateGenerator and UpdateInstaller. I already suggested to not use the compression anymore to avoid false positives like this.

Regards
Dalai
Dalai
 
Posts: 1041
Joined: 12.07.2016, 21:00

Re: wsusoffline triggers a trojan (false positive I assume)

Post by lovingwsusoffline » 16.05.2017, 15:02

Yes, sorry, I saw a similar post below. I've submitted a case to both Sonicwall and Trend Micro too, but it usually takes a while for them to reply and update the definitions.
lovingwsusoffline
 

Re: wsusoffline triggers a trojan (false positive I assume)

Post by WSUSUpdateAdmin » 23.05.2017, 09:32

WSUSUpdateAdmin
Administrator
 
Posts: 2245
Joined: 07.07.2009, 14:38

