Anti-Virus Alert: (Cloud Id: 29060692) Starter.Y (Trojan) blocked. Another False Positive?

Getting tons of these alerts across multiple Sonicwalls. Anyone else seeing these? Started after 5pm EST. I have no idea yet but assume they are false positives again.

Category: Firewall Security Services

Answers

  • Ajishlal Community Legend ✭✭✭✭✭

    Microsoft released 71 new patches addressing CVEs in Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype for Chrome, .NET and Visual Studio, Windows RDP, SMB Server, and Xbox. This is in addition to the 21 CVEs patched by Microsoft Edge (Chromium-based) earlier this month, which brings the March total to 92 CVEs.

    The number of bugs in each vulnerability category is listed below:

    • 25 Elevation of Privilege Vulnerabilities
    • 3 Security Feature Bypass Vulnerabilities
    • 29 Remote Code Execution Vulnerabilities
    • 6 Information Disclosure Vulnerabilities
    • 4 Denial of Service Vulnerabilities
    • 3 Spoofing Vulnerabilities
    • 21 Edge - Chromium Vulnerabilities

    This month's Patch Tuesday includes fixes for three publicly disclosed zero-day vulnerabilities; none of these vulnerabilities were actively exploited in attacks.

    The publicly disclosed vulnerabilities fixed as part of the March 2022 Patch Tuesday are:

    • CVE-2022-21990 - Remote Desktop Client Remote Code Execution Vulnerability
    • CVE-2022-24459 - Windows Fax and Scan Service Elevation of Privilege Vulnerability
    • CVE-2022-24512 - .NET and Visual Studio Remote Code Execution Vulnerability

  • Ingoldsby Newbie ✭

    Thank you for confirming this. How do I shut off the email alerts? I've gotten 300 so far and they keep pouring in.

    When I search under "Gateway Anti-Virus Signatures" for Starter.Y or its ID# (29060692), I get no results.

    I only want to stop alerts for this false positive, not all alerts.

  • BWC Cybersecurity Overlord ✭✭✭

    @Ingoldsby you have to disable Cloud Id 29060692 in the Cloud AV DB Exclusion settings on the Gateway Anti-Virus page.

    --Michael@BWC

  • SSI Newbie ✭

    I'm not finding this ID to disable. Perhaps I am looking in the wrong place. I'm in the NSM at Policy/Security Services/Gateway Anti-Virus/Signatures Tab

    I searched by the ID (29060692) and by the term "Starter.Y"

    Should I be looking elsewhere?

  • BWC Cybersecurity Overlord ✭✭✭

    @SSI I'm not using NSM, but inside LiveDemo I would guess it's there:

    --Michael@BWC

  • jcurt7492 Newbie ✭

    Since this is preventing the update from downloading, what should we do about it? Will following the directions above to stop notifications also allow us to download? Update Tuesdays are nothing but headaches now...

  • BWC Cybersecurity Overlord ✭✭✭

    @jcurt7492 disabling the Cloud Id will make the download go through.

    --Michael@BWC

  • RussF Newbie ✭

    You have to manually "Add" the exclusion by typing in the number.


    Russ


  • SSI Newbie ✭

    I am not seeing quite the same screen as you are displaying above:


    I am searching on the Signatures tab like so:



  • jcurt7492 Newbie ✭

    @SSI Make sure you click on the "Cloud Anti-Virus" link, it's on that screen

  • SSI Newbie ✭

    Never mind. I found it. Your image is correct. I missed the Cloud Anti-Virus subtab.

  • lostbackups Newbie ✭

    Thanks for this. I just started getting alerts as well until I added the exclusion.

  • Jim_Hingle Newbie ✭

    Dittos on the thanks everybody!
