Gateway Anti-Virus Alert: (Cloud Id: 75889292) Artemis!D33034B8796D (Trojan) blocked
We have been getting a ton of these same blocked Trojan alerts across multiple SonicWalls we manage, but only from a few PCs at each site. Looking for assistance determining if this is a false positive.
Best Answer
shiprasahu93 Moderator
I agree that it would be much easier if we had a button next to these logs that just requested this to be filed as a false positive. But, for now it looks like we would need to file this manually.
@geeksuneek, I have seen this being flagged in the past due to "GoogleUpdateSetup.exe", but we would need some time to review the traffic pattern and figure out why this is being triggered at so many locations at the same time. It is usually some kind of update that might have matched the signature, causing this issue.
I would request you to follow the instructions provided by @Saravanan1990_V and have this information passed on to our GAV team. You will directly get an update from them after further analysis.
I hope that helps!
Shipra Sahu
Technical Support Advisor, Premier Services
5
Answers
Hi GEEKSUNEEK,
Thanks for reaching out to SonicWall Communities.
I hope you are safe and doing well.
Based on your post, it looks like there are loads of GAV alerts across multiple SonicWall firewalls installed at various locations. I would like to understand a bit more about this scenario.
Was this issue raised at the same time across all firewalls?
Is there a possibility that you could define what sort of traffic is being blocked by the GAV alerts on the firewalls?
If the different sorts of traffic seem to be legitimate and are blocked by the firewall's GAV, then it could be a possible false positive. In such a case, please feel free to report the false positive by following the instructions in the KB article linked below.
Hope this helps you!!!
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Sadly, there are no simple "Press Button" ways to report False Negatives/False Positives, whether they come from SonicWall's UTM Firewall, Email Security or GMS.
This is a serious deficit really, since it does not empower the ability of the SonicWall administrator to easily and quickly present what are really "errors" in operation.
SonicWall, please address with ONE BUTTON reporting to you. You already know all the SWL details, so just collect the TSR and export the config yourself.
Get the computer to do the work?
My two cents.