Issues with Lenovo downloads and APT

Anyone else having issues with Lenovo downloads being flagged as malicious by APT? It is happening on all my Lenovo laptops.

APT

Appliance: Member1
Time: Thu Dec 02 08:37:24 2021 (CST)
Process: http
Message: Policy Name: HTTPS-proxy.SSO-00 Action: ProxyDrop: Reason: HTTP APT detected Source IP: 192.168.0.83 Source Port: 61026 Destination IP: 184.25.139.10 Destination Port: 443 Authenticated User:XXX@XXXX.XXX host: download.lenovo.com path: /pccbbs/mobiles/u3etn05w.exe md5: 4dc4c4c3a69d62dae728842e95572b5f task_uuid: 51e0c48efc4a00102cd311bbce0a4a0b threat_level: medium

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @SkyJaxx
    I'm seeing the same thing -- I'll look into this and get back to you:

    2021-12-08 10:37:48 Deny ---.---.---.--- ---.---.---.--- https/tcp 49274 443 Trusted VLAN External ProxyDrop: HTTP APT detected (HTTPS-proxy-00) HTTP-Client.Standard.1 proc_id="http-proxy" rc="594" msg_id="1AFF-0034" proxy_act="HTTP-Client.Standard.1" host="download.lenovo.com" path="/pccbbs/mobiles/u3etn05w.exe" md5="4dc4c4c3a69d62dae728842e95572b5f" task_uuid="51e0c48efc4a00102cd311bbce0a4a0b" threat_level="medium" geo_dst="USA" Traffic

    -James Carson
    WatchGuard Customer Support

  • james.carson Moderator, WatchGuard Representative

    -James Carson
    WatchGuard Customer Support

  • Yes, but unfortunately this file changes often, so I would be adding a hash constantly.

  • james.carson Moderator, WatchGuard Representative

    Hi @SkyJaxx
    This has been corrected in the APT system. You should be able to remove the exception if you made one.

    -James Carson
    WatchGuard Customer Support

  • Great! Thanks for your help.
