Gateway Antivirus Alert problem with Epson printer file
Informatech
Good evening, I am receiving several alerts from the NSA 2650 firewall that detect a probable threat present on a station. Specifically, the threat refers to the Epson printer driver package present in the spool folder of the PC on which an Epson printer is installed and shared with other users. NOD32 does not detect any anomalies, and neither does the scan of the files carried out on VirusTotal. Below is an example log. I still had to disable port 445 on the PC as it was trying to contact a target PC related to a user connected to the company VPN.

Log:
17:27:22 Sep 02 1460 Security Services Inform Gateway Anti-Virus Status: CloudAV Detection. File forwarding to Sandbox truncated for filename: x64 \ 3 \ E_YUBVME.EXE. 192.168.100.22, 445, X0 192.168.168.101, 59224, X1 tc
Category: Capture Security Center
Answers
1) This could be a false positive. Report the file using the link below and/or contact support to investigate further.
2) You still may want to create a case to get assistance with other potential anomalies such as the need to clear various CACHE options, potential CPU spiking, etc. Basically, support would need a TSR file (Tech Support Report) to verify there are no lateral issues affecting this.
3) What do the Capture ATP results say about this file? Monitor -> Capture ATP.
Thank you,