Gateway AV false positive after 7.1.1 update?
Good morning, I have an NSA 3700 in the office, and via GVC our developers connect to a server from the LAN zone. After updating the Sonic last Friday, AV started to mark as trojan (Agent.d_90) some files that our developers were trying to get with Visual Studio (as they have always done without any problem).
After scanning with other antivirus I found nothing on the client or the server side. I opted to exclude this server from GW AV, but I would love to know why this could have started to happen after the update; I understand the AV signatures are fetching updates directly from an online SonicWall DB regardless of the firmware version.
Thanks in advance,
Javier.
Answers
Update: I enabled the log virus URI option in the /diag page and found the file that was being marked as a trojan; it is an .ashx file. SonicWall analyzed it and confirmed to us it was a false positive. Additionally, the file was uploaded to VirusTotal and nothing odd was found.
So… right now the server is completely excluded from GAV, because when I disabled the signature Agent.d_90 it started to match another signature, and I'm not comfortable disabling virus signatures for my entire network.
What's next? How many days / weeks does it normally take for the Sonic GAV signature database to include this false positive in its white list?