Virus information very generic

BWC Cybersecurity Overlord ✭✭✭

Hi guys,

I re-married my TZ 400 with CSC-MA (1.7) and got the first notifications about viruses found.

But what on God's earth should I make of these? Seriously, Virus-7 and -5?

info = THREAT-TYPE :: Virus, Name :: Virus-7, SRCIP :: 10.x.x.x (Private IP), DSTIP :: 23.214.197.139 (Netherlands)

info = THREAT-TYPE :: Virus, Name :: Virus-5, SRCIP :: 10.x.x.x (Private IP), DSTIP :: 17.253.55.205 (United States)

I saw these kind of useless at on-premise installations of GMS 8.x as well in the past, but can't remember what the solution was.

Any idea?

--Michael@BWC

Category: Capture Security Center

Best Answer

  • CORRECT ANSWER
    BWC Cybersecurity Overlord ✭✭✭
    edited October 2020 Answer ✓

    Hi guys,

    It took a while; in the meantime CSC is showing real Threat-Names. It was similar to a problem on on-premise: it felt like the system was not aware of the signatures and loaded this information over time.

    --Michael@BWC

Answers

  • Darshan SonicWall Employee

    @BWC Could you provide me the CSC SN and a screenshot of these alerts?

  • Halon5 Enthusiast ✭✭

    Unfortunately SonicWALL's security alerts just seem to present as "A LOT OF TWADDLE" these days... :(

  • Darshan SonicWall Employee

    @BWC Thanks for the update, good to know it's working now. We can sync the signatures from the backend if needed for CSC. For on-prem you can sync signatures from AppFlow GMSFlow Server and Sync Server option.

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @Darshan

    Yesterday a Virus-6 got reported; it seems that not all signatures are loaded into my instance of CSC. Or maybe there are no more names left for viruses :)

    --Michael@BWC

  • Darshan SonicWall Employee

    @BWC It depends on the signature update and on whether we are getting the right info from the firmware flow.

  • Halon5 Enthusiast ✭✭

    @Darshan, that is unacceptable for me. It just means it's broken.
