Issues with Lenovo downloads and APT
Anyone else having issues with Lenovo downloads being flagged as malicious by APT? It is happening on all my Lenovo laptops.
APT
Appliance: Member1
Time: Thu Dec 02 08:37:24 2021 (CST)
Process: http
Message: Policy Name: HTTPS-proxy.SSO-00 Action: ProxyDrop: Reason: HTTP APT detected Source IP: 192.168.0.83 Source Port: 61026 Destination IP: 184.25.139.10 Destination Port: 443 Authenticated User:XXX@XXXX.XXX host: download.lenovo.com path: /pccbbs/mobiles/u3etn05w.exe md5: 4dc4c4c3a69d62dae728842e95572b5f task_uuid: 51e0c48efc4a00102cd311bbce0a4a0b threat_level: medium
Comments
Hi @SkyJaxx
I'm seeing the same thing -- I'll look into this and get back to you:
2021-12-08 10:37:48 Deny ---.---.---.--- ---.---.---.--- https/tcp 49274 443 Trusted VLAN External ProxyDrop: HTTP APT detected (HTTPS-proxy-00) HTTP-Client.Standard.1 proc_id="http-proxy" rc="594" msg_id="1AFF-0034" proxy_act="HTTP-Client.Standard.1" host="download.lenovo.com" path="/pccbbs/mobiles/u3etn05w.exe" md5="4dc4c4c3a69d62dae728842e95572b5f" task_uuid="51e0c48efc4a00102cd311bbce0a4a0b" threat_level="medium" geo_dst="USA" Traffic
-James Carson
WatchGuard Customer Support
@SkyJaxx
In the interim, you can make an exception for this file by using the MD5 on your firewall:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/file_exceptions/file_exceptions_config_c.html
-James Carson
WatchGuard Customer Support
Yes, but unfortunately this file changes often, so I would be adding a hash constantly.
Hi @SkyJaxx
This has been corrected in the APT system. You should be able to remove the exception if you made one.
-James Carson
WatchGuard Customer Support
Great! Thanks for your help.
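
An added example (not part of the original thread, and not WatchGuard code) for judging whether an MD5 file exception will hold: it parses traffic log lines in the key="value" format quoted above and reports downloads whose flagged hash changes between detections. The function names and the two lines marked as constructed are assumptions for illustration.

```python
import re
from collections import defaultdict

# key="value" pairs as they appear in the traffic log line quoted in the thread
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

def parse_apt_event(line):
    """Return the key="value" fields of an 'HTTP APT detected' line, else None."""
    if "HTTP APT detected" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    md5 = fields.get("md5", "").lower()
    if not MD5_RE.match(md5):
        return None  # no usable hash, so nothing an exception could match
    fields["md5"] = md5
    return fields

def hashes_by_download(lines):
    """Map (host, path) to the set of MD5 values flagged for that download."""
    seen = defaultdict(set)
    for line in lines:
        event = parse_apt_event(line)
        if event:
            key = (event.get("host", "?"), event.get("path", "?"))
            seen[key].add(event["md5"])
    return dict(seen)

def churning(seen, threshold=2):
    """Downloads flagged under several hashes: one MD5 exception will not cover them."""
    return sorted(key for key, md5s in seen.items() if len(md5s) >= threshold)

SAMPLE = [
    # Log line from the thread (addresses were masked by the poster)
    '2021-12-08 10:37:48 Deny ---.---.---.--- ---.---.---.--- https/tcp 49274 443 Trusted VLAN External ProxyDrop: HTTP APT detected (HTTPS-proxy-00) HTTP-Client.Standard.1 proc_id="http-proxy" rc="594" msg_id="1AFF-0034" proxy_act="HTTP-Client.Standard.1" host="download.lenovo.com" path="/pccbbs/mobiles/u3etn05w.exe" md5="4dc4c4c3a69d62dae728842e95572b5f" task_uuid="51e0c48efc4a00102cd311bbce0a4a0b" threat_level="medium" geo_dst="USA" Traffic',
    # Constructed: same download flagged later under a different (made-up) hash
    '2021-12-15 09:12:03 Deny 10.0.0.5 203.0.113.7 https/tcp 50112 443 Trusted External ProxyDrop: HTTP APT detected (HTTPS-proxy-00) proc_id="http-proxy" host="download.lenovo.com" path="/pccbbs/mobiles/u3etn05w.exe" md5="0123456789ABCDEF0123456789ABCDEF" threat_level="medium"',
    # Constructed: a different download flagged once
    '2021-12-15 09:20:41 Deny 10.0.0.6 203.0.113.9 https/tcp 50200 443 Trusted External ProxyDrop: HTTP APT detected (HTTPS-proxy-00) proc_id="http-proxy" host="downloads.example.com" path="/tools/setup.exe" md5="fedcba9876543210fedcba9876543210" threat_level="medium"',
]

if __name__ == "__main__":
    for host, path in churning(hashes_by_download(SAMPLE)):
        print(f"hash keeps changing: {host}{path}")
```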