Gateway-AV causing false-positive on MS Teams install?
Eddy77
A client is trying to install MS Teams on a desktop PC behind a TZ370 Firewall with security services enabled. They can download the installer, but when the installer is started it fails. The TZ370 logs an alert stating it has blocked a trojan:
After I put the device IP in the exclusion list of the GW-AV, the MS Teams installer continues and the install finishes. Capture Client is also installed on the device, but there was no alert from CC after the install, so it must be a false-positive...
Is anyone else experiencing the same problem?
Category: Capture Client
Comments
No, but good to know. Have you tried using the MSI file rather than the EXE? What firmware version are you running?
No, we only tried the .exe directly from the MS site. I will see if I can trigger the same alert on a new Windows 10 VM and sort out whether the MSI also triggers this alert.
I managed to trigger the same alert on a new Windows 10 VM, only on the .exe of Teams ... The MSI installs OK but is not intended for user install. So it looks like a false positive; since most users already have Teams, the impact is small.
Updating this thread. In my case, GAV won't let the file download in the first place:
And, of course, I can't use the previous response to submit a "false positive" to SonicWall because I don't have a file to submit.
Kinda glad Larry brought this up again as I didn't think about it before.
Microsoft's suggestions for 365 include exempting traffic to/from them from any security services, which I ALWAYS do in my setups. This is why I've never run into this, even with >5-year-old 365 accounts with fully loaded SonicWalls.