Another False Positive? (Cloud Id: 76406582) Agent.FL (Trojan) blocked.
AlanPALuk
Receiving these messages constantly for every computer's IP that requires "Windows 11 (version 22H2)" update.
Once we manually push the update, this stops for that computer.
Example. (Destination IP removed for our own security)
Source IP changes, but it's always a Content Delivery Network with ties to Windows Updates.
Is it safe to exclude this signature?
Category: Firewall Security Services
Answers
Hi @AlanPALuk, see these threads here, it will help:
https://community.sonicwall.com/technology-and-support/discussion/3583/gateway-anti-virus-alert-multi-compressed-zip-gzip-file-blocked#latest
Thank you for the information.
Although we don't block multi-compressed ZIP/GZIP files, I have read through the thread and made some alterations to how we receive email notifications. Currently we relied on notifications via FastVue Alerts and Scheduled Reporting.
I have now enabled email notifications via SonicWall as well.
I will analyse what information comes back from these emails. Typically, the two current computers that currently required the Windows 22H2 update have now been patched via our patch management software, so it may be a while before this situation occurs again.
I have been getting this error since last night. Is this a false positive?
809 - Security Services - Alert - 23.60.159.57, 80, X4 - 192.168.0.167, 57756, X0 - Gateway Anti-Virus Alert: (Cloud Id: 82586309) Agent.FL (Trojan) blocked.