Virus/Win32.WGeneric.bhqpnl messages by SaaS solution Basware (approval bulk invoices)


L0 Member

Hello everyone,

Our Citrix environment was recently flagged in the firewall with this virus (after 14-07): Virus/Win32.WGeneric.bhqpnl
We have a SaaS solution of the product Basware (bulk approval invoices). On the Palo Alto we see an Absent loader (malware dropper). The product works with Silverlight. Also, a "Reset-From-Server" message came in when the users download the invoices.

The virus is called: Virus/Win32.WGeneric.bhqpnl, and bhmwrs and bhnjtc, etc.

 
1 accepted solution

Accepted Solutions

L0 Member

That is completely expected. These are the threat logs written by the Zone Protection Profile (Reconnaissance Protection) applied to the zone "Outside". The source (public IPs) running the SCAN is detected in the outside zone, and the destination IPs (probably the firewall's public IPs) are also assigned to the same zone. Source and destination IPs live in the same zone.

 

acesetm


2 REPLIES

L0 Member

Thank you for your explanation. The question now is, is it a false positive or must we go to the vendor for an explanation from their side?

