FireEye: Malware Being Whitelisted By FireEye Engine

The US security company, FireEye, has been found out to be whitelisting malware in its engine. The issue happened with their operating system, the FireEye Operating System and it allowed malware to be whitelisted for a period of 24 hours. This came to light after the German cyber security company found out the vulnerability in their software. FireEye quickly worked along with Blue Frost to handle the situation and a patch has been released to get rid of this issue.

FireEye

The issue was found out to have affected the Virtual Execution Engine of the OS, which is a Windows-based virtual machine that helps in analyzing the suspicious files that operate in the OS. Moritz Jodeit from Blue Frost felt that the analysis of the suspicious files were not safe enough. He said that the suspicious files could be renamed easily using variables from the Windows environment inside its path.

The result was that the malicious files could not be copied to their original locations in the OS, and will be present elsewhere in the virtual machine. Since the file was not in its original location, the OS could not find any suspicious activity from it and leads to whitelisting of its MD5 hash for 24 hours.

The issue was reported by Blue Frost last September and FireEye had released patches for all the affected versions by October. But the issue has been made public only now due to the fact that most of the users are still using the vulnerable versions without applying the patch. The following products have this issue and given next to it is the version of the FEOS that fixed the issue.

FE File Content Security – FX (7.5.1
FE Malware Analysis – AX (7.7.0)
FE Network Security – NX (7.6.1)
FE Email Security – EX (7.6.2)

SHARE