Jump to content


Photo

False Positive: GoogleUpdateSetup.exe

GoogleUpdateSetup False Positive Web Filter

  • Please log in to reply
3 replies to this topic

#1 Russ Sundsten

Russ Sundsten
  • Members
  • 4 posts

Posted 12 February 2016 - 10:24 AM

Hello,

 

The Web Filter in my organization has been sending these alerts all morning:

 

"This email is from the Barracuda Web Filter.  We have detected and blocked the download of:  VIRUS  Win.Trojan.Bancos-2115

                from the server:www.google.com

                with the URL:http://www.google.com/dl/update2/1.3.29.5/GoogleUpdateSetup.exe"

 

In each instance the file is always the same, but the mirror may change.  The other two variants include:

URL:http://r2---sn-5aanugx5h-t0ae.gvt1.com/edgedl/update2/1.3.29.5/GoogleUpdateSetup.exe

URL:http://dl.google.com/update2/1.3.29.5/GoogleUpdateSetup.exe

 

These domains all are registered to Google, and the file appears to be digitally signed by Google as well.  I believe this to be a false positive.

 

Thank you



#2 rsimmers

rsimmers
  • Members
  • 17 posts

Posted 12 February 2016 - 10:38 AM

I haven't seen this today but we did have that problem once with GoogleUpdateSetup.exe being detached as a false positive.  I ended up calling Barracuda and they confirmed it was a false positive and released a energizer update later that day to fix it.



#3 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 12 February 2016 - 10:58 AM

Hello,

 

We are currently releasing a new definition 3.6.0.9009 as of 7:55am PST that should be out within to resolve this issue reported, and we apologize for the inconvenience!



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#4 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 12 February 2016 - 11:52 AM

Apologies for the confusion as we identified multiple false signatures and are currently generating 3.6.0.9011 to correct all of these further identified.

 

More to follow!



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com