THREAT false positives on MS software when using Global Protect.

NormCook — Tue, 13 Nov 2018 17:44:48 GMT

I'm seeing what look slike a lot of false positives when using global protect. For example, Microsoft's Logon.exe excutable and any MS Endpoint patches

An example is

AM_Engine_Patch_1.1.15400.4.exe
SHA-256 Hash: 74f9dc35fc9f5ab02e46843e8ccf569478961ea58dc2655690516199c1eab928

which PAN-OS 8.0.7 is flagging as Virus/Win32.WGeneric.tphtk(214705593)

I didn't spot anything in release notes for 8.0.7+ that

Re: THREAT false positives on MS software when using Global Protect.

OtakarKlier — Tue, 13 Nov 2018 22:43:31 GMT

Hello,

We occasionally also see this type of behavior. Its just how the PAN see's the files and it creates a false positive. The best thing to do is create a support ticket so they can get more info and correct the signatures.

Regards,

topic THREAT false positives on MS software when using Global Protect. in Advanced Threat Prevention Discussions

THREAT false positives on MS software when using Global Protect.

Re: THREAT false positives on MS software when using Global Protect.