Siemens Says Desigo CC Files Flagged as Malware by Security Engines
Summary
Siemens has reported that security engines are flagging files belonging to patches for its Desigo CC building management system as malware. The detections appear to be triggered by a PowerShell script shipped inside the patch packages, and the resulting false positives are being raised by several different security products.
IFF Assessment
False positives from security engines can block or quarantine legitimate patch installation, disrupt operations, and divert security staff into investigating non-threats.
Defender Context
This incident highlights the challenges defenders face as malware detection signatures evolve, and the importance of testing and validating security tooling to keep false positives in check. Organizations should be prepared to investigate files their security solutions flag and, where the files prove legitimate, to whitelist them in a controlled way, maintaining operational continuity without weakening their security posture.
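The investigation step above is the part that is easy to skip under time pressure. The following PowerShell script is an added example (it is not Siemens' code and does not come from the advisory) of the checks a defender would run on a flagged patch file before requesting an exclusion: confirm the Authenticode signature and signer, record hashes to compare with the vendor's published values and to cite in a hash-based exclusion, and inspect any embedded PowerShell scripts rather than allow-listing them unseen. The file and directory paths are placeholders, and the assumption that the patch has already been extracted to a local folder is just that, an assumption.

```powershell
# Added example, not from the advisory or from Siemens. Validates a patch file
# that an AV/EDR engine has flagged, so that an exclusion is only requested for
# a file whose provenance has actually been verified.

# Assumption: placeholder paths; replace with the real patch file and a local
# directory into which the package has already been extracted.
$PatchFile  = 'C:\Temp\DesigoCC_Patch_PLACEHOLDER.exe'
$ExtractDir = 'C:\Temp\DesigoCC_Patch_extracted'

# 1. Authenticode check on the package itself: is it signed, is the chain
#    valid, and is the signer who we expect?
$sig = Get-AuthenticodeSignature -FilePath $PatchFile
[pscustomobject]@{
    File       = $PatchFile
    Status     = $sig.Status                      # Valid / NotSigned / HashMismatch / ...
    Signer     = $sig.SignerCertificate.Subject   # $null when unsigned
    Thumbprint = $sig.SignerCertificate.Thumbprint
} | Format-List

# 2. Hashes for the ticket. SHA256 is what the exclusion should key on
#    (hash-based exclusions are far narrower than path-based ones); SHA1 is
#    kept only because some consoles still display it.
'SHA256', 'SHA1' |
    ForEach-Object { Get-FileHash -Path $PatchFile -Algorithm $_ } |
    Format-Table Algorithm, Hash -AutoSize

# 3. The detections in this case point at a bundled PowerShell script, so list
#    every .ps1 in the extracted package and record whether each is itself
#    signed. Unsigned scripts get read by a human before any exclusion is filed.
Get-ChildItem -Path $ExtractDir -Recurse -Filter *.ps1 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $s = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Script    = $_.FullName
            SigStatus = $s.Status
            SizeBytes = $_.Length
        }
    } | Format-Table -AutoSize

# 4. Decision rule: only a validly signed package from the expected vendor is
#    eligible for exclusion review; anything else is treated as a true positive
#    until proven otherwise.
$ExpectedSignerPattern = 'Siemens'   # assumption: match on the vendor name in the subject
if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -match $ExpectedSignerPattern) {
    "Signature valid and signer matches '$ExpectedSignerPattern': eligible for exclusion review"
} else {
    "Signature status '$($sig.Status)' or unexpected signer: do not exclude, escalate to IR"
}
```

Run it from an elevated PowerShell session on an isolated analysis host, not on the production Desigo CC server, and attach the output to the exclusion request so the reviewer can see the signer, the hashes and the list of embedded scripts that were examined. Whitelisting by SHA256 rather than by path or filename means the exclusion covers exactly this vendor build and nothing dropped into the same directory later.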