What does "agent.fl" mean? Where can I look up a Cloud ID?
Arkwright
Community Legend ✭✭✭✭✭
We get this every few months, from different customers. A signature described as "Agent.FL" will fire tens or hundreds of times in a day. The Cloud ID will be different but usually the name is "Agent.FL". The public IPs vary but usually they are CDNs. If you google "agent.fl" then you will see a similar story from other administrators.
Today's instance is (Cloud Id: 78494308) Agent.FL (Trojan)
Where can I look this up?
doesn't return anything useful.
Category: Firewall Security Services
Answers
Hi @Arkwright
It could be due to a false positive alert. Then you have to inform the GAV team.
As per the SonicWALL signatures, Agent.fl is a Trojan virus.
So there is no way to look up a cloud ID?
Hi @ARKWRIGHT,
I see there is no direct option to find out the Cloud ID details that you were looking for. I would suggest that you call and check with our support team to seek more info on your request. Please find below the web link for support contact.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
I experienced this problem today while installing an updated version of my RMM product on a client's computer.
The technical support representative was apologetic in that he could not provide any further information on the volume of attempts.
He created the case, took the extract of the log, the TSR, and the EXP and sent it off to the GAV team.
In the meantime, I can't finish working on the client's computer until I hear back that it is either a series of false positives or my vendor has some serious work to correct (a la SolarWinds).
@Saravanan - more than a week later and it seems that getting the Cloud ID and why files were flagged is still a mystery.
Case 43698747 is still open and I had to deliver the computer to the client despite knowing that it was not properly set up.
My vendor believes that SW hit their code with a slew of false positives, but I am not in any position to say otherwise.
Honestly, what am I supposed to do?
Hi @LARRY,
It looks like the case is still being investigated. I believe that the engineer is investigating this with the backend team. Please hold on for now; I don't know the status of the issue. I'll have the engineer communicate the appropriate status to you via the support case.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
I added this comment directly in the case yesterday:
Still need to understand. When GAV reports this:
Gateway Anti-Virus Status: CloudAV Detection. File forwarding to Sandbox truncated for: http://update.itsupport247.net/AGTU/AgtHealthChk/DPMA/NumHostidTxt.zip, filename: NumHostidTxt.zip.
Does that mean that NumHostidTxt.zip is the next entry in the log?
Gateway Anti-Virus Alert: (Cloud Id: 73326188) Sality-6827739-0 (Virus) blocked.
When I called today and repeated the question, I ended up being placed on hold for most of the 50-minute session. Before it ended, the CSR asked for a remote session and pulled the TSR, the EXP, and the log with a promise to get back to me in a day with an answer.
I fail to see how those files are at all pertinent to answering my question.
But it really seems clear to me that SonicWall doesn't understand what I'm asking.
So does ANYONE know how to interpret the message?
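A way to turn an exported log into evidence for a false-positive submission, as an added example that is not from any poster or from SonicWall: it parses the two Gateway Anti-Virus message formats quoted in this thread, tallies hits and distinct Cloud IDs per signature name, and keeps each record's line position. It does not assume that a "File forwarding to Sandbox" line belongs to the alert that follows it, since the thread leaves that open; the function names, the sample lines and the Cloud ID 10000001 are constructed.

```python
import re
from collections import Counter

# Patterns follow the two log messages quoted in the thread.
ALERT_RE = re.compile(
    r"Gateway Anti-Virus Alert: \(Cloud Id: (?P<cloud_id>\d+)\) "
    r"(?P<name>.+?) \((?P<kind>[^()]+)\) blocked\."
)
FORWARD_RE = re.compile(
    r"Gateway Anti-Virus Status: CloudAV Detection\. File forwarding to "
    r"Sandbox truncated for: (?P<url>\S+), filename: (?P<filename>.+?)\.?$"
)

def parse_log(lines):
    """Return (alerts, forwards); each record keeps its line index so log order survives."""
    alerts, forwards = [], []
    for idx, line in enumerate(lines):
        line = line.strip()
        m = ALERT_RE.search(line)
        if m:
            alerts.append({"line": idx, **m.groupdict()})
            continue
        m = FORWARD_RE.search(line)
        if m:
            forwards.append({"line": idx, **m.groupdict()})
    return alerts, forwards

def summarize(alerts):
    """Per signature name: number of hits and the distinct Cloud IDs reported with it."""
    hits = Counter(a["name"] for a in alerts)
    ids = {}
    for a in alerts:
        ids.setdefault(a["name"], set()).add(a["cloud_id"])
    return {n: {"hits": c, "cloud_ids": sorted(ids[n])} for n, c in hits.items()}

# Constructed sample in the format of the quoted messages; 10000001 is a made-up ID.
SAMPLE = [
    "Gateway Anti-Virus Alert: (Cloud Id: 78494308) Agent.FL (Trojan) blocked.",
    "Gateway Anti-Virus Alert: (Cloud Id: 10000001) Agent.FL (Trojan) blocked.",
    "Gateway Anti-Virus Status: CloudAV Detection. File forwarding to Sandbox truncated for: http://update.itsupport247.net/AGTU/AgtHealthChk/DPMA/NumHostidTxt.zip, filename: NumHostidTxt.zip.",
    "Gateway Anti-Virus Alert: (Cloud Id: 73326188) Sality-6827739-0 (Virus) blocked.",
]

if __name__ == "__main__":
    alerts, forwards = parse_log(SAMPLE)
    print(summarize(alerts))
    print([(f["line"], f["filename"], f["url"]) for f in forwards])
```

The line indexes let you show support exactly which status lines sit next to which alerts without asserting what that adjacency means.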