Support assist detected as a Virus


We're trying to install Dell SupportAssist in our company PCs but we always get the error: "InvalidRuleRecordSignature"

I made a capture with wireshark and saw that the installer tries to download a ZIP file from the following address: content.dellsupportcenter.com/.../PCDoctor_6817.200_windows_appupdaterrules_dell.zip

I put it on the browser address bar and I get the following message from our Sonicwall NSA appliance:

"This request is blocked by the Fyrewall Gateway Anti-Virus Service. Name: (Cloud id 46786477) Agent.FL (Trojan) blocked."

I know how to add an exception for this.

My concern: Does this might happen or should I keep it blocked?

Best regards,

Jorge Gil

0 Kudos
1 Reply

RE: Support assist detected as a Virus

Jorge -

I passed this onto the PC-Doctor team for comments.  My contact personally hasn’t seen this before.  The file it is attempting to download contains a dll which will install the latest Dell Certs to ensure the build installs properly and that we can verify all content is from a trusted source.  The dll itself is of course digitally signed and verified before execution.  He suggested that you create an exception for all content coming from content.dellsupportcenter.com to prevent this from happening with each new rule and/or add-on coming from the backend.  Security is managed by the application and all content is digitally signed and verified before trust.

Social Media and Community Professional

0 Kudos