Jump to content


Photo

False-Positive Spyware/Virus

spyware virus falsepositive

  • Please log in to reply
1 reply to this topic

#1 Jeff Nichols

Jeff Nichols
  • Members
  • 3 posts

Posted 04 February 2019 - 02:40 PM

Receiving multiple e-mails from "spyware-notify-bounces@barracuda.com" regarding this and similarly patterned URLs:

 

This email is from the Barracuda Web Security Gateway.  We have detected and blocked the download of:  VIRUS  Win.Trojan.Generic-6840770-0

                from the server:au.download.windowsupdate.com

                with the URL:http://au.download.windowsupdate.com/c/msdownload/update/software/defu/2019/02/am_delta_patch_1.285.819.0_37b3fc954a2d1847690b69f2640a2b0ec1ab112b.exe

 

 

It looks like this is just virus definitions for our Microsoft Antivirus. This is still occuring with spyware definitions 2.0.5961 (2019-02-04 12:35:24) and antivirus definitions 3.7.0.9431 (2019-02-04 10:23:15). Both of these are currently the latest of each type.



#2 John Irwin

John Irwin
  • Barracuda Team Members
  • 54 posts

Posted 05 February 2019 - 08:56 AM

There was a false positive On Sunday with the VIRUS defs
 
you should be on at least virusdef: 3.7.0.9433 as of last night.
and today my test box version shows virusdef: 3.7.0.9438
You can also update your other definitions, while these should be updated hourly if any new versions are released.
 
Please reconfirm and pending 24-48 hours of definitions update time for verifications of data and then release and to update all units with new defs.
 
If you are then still experiencing issues then please contact us to confirm any other concerns.






Also tagged with one or more of these keywords: spyware virus falsepositive