topic Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld? in Advanced Threat Prevention Discussions https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-directory-services-ms-ds-smbv3-virus-win32-wgeneric/m-p/326085#M804 <P><SPAN>We are see numerous alarms from our SIEM from our Palo Alto firewall. Here is a copy of a scrubbed log message below. When asking the user about their activity, they only RDP'ed into various servers from their laptop via the Globalprotect VPN for remote admin work and ran a batch file that re-maps drives. Additionally they noted browsing to \\&lt;dcserver&gt;\netlogon and that it seem to take long to enumerate directory. Also full AV endpoint scans show clean. Is this s false-positive?</SPAN></P> Tue, 05 May 2020 08:19:42 GMT NiganDong 2020-05-05T08:19:42Z Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld? https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-directory-services-ms-ds-smbv3-virus-win32-wgeneric/m-p/326085#M804 <P><SPAN>We are see numerous alarms from our SIEM from our Palo Alto firewall. Here is a copy of a scrubbed log message below. When asking the user about their activity, they only RDP'ed into various servers from their laptop via the Globalprotect VPN for remote admin work and ran a batch file that re-maps drives. Additionally they noted browsing to \\&lt;dcserver&gt;\netlogon and that it seem to take long to enumerate directory. Also full AV endpoint scans show clean. Is this s false-positive?</SPAN></P> Tue, 05 May 2020 08:19:42 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-directory-services-ms-ds-smbv3-virus-win32-wgeneric/m-p/326085#M804 NiganDong 2020-05-05T08:19:42Z Re: Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld? https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-directory-services-ms-ds-smbv3-virus-win32-wgeneric/m-p/326555#M807 <P>Yes, that signature was disabled on&nbsp;<SPAN>03/22/2019 14:30 PDT.</SPAN></P> <P><SPAN>You must be running an outdated Antivirus or WildFire-Virus package.</SPAN></P> <P><SPAN>Please review what versions you're running and make sure your Dynamic Updates scheduler is properly set and that the firewall can reach updates.paloaltonetworks.com.</SPAN></P> Wed, 06 May 2020 23:22:22 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-directory-services-ms-ds-smbv3-virus-win32-wgeneric/m-p/326555#M807 mivaldi 2020-05-06T23:22:22Z Re: Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld? https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-directory-services-ms-ds-smbv3-virus-win32-wgeneric/m-p/343083#M926 <P>Did you get a resolution to this?&nbsp; We are experiencing a similar situation where ms-ds-smbv3 signature is being identified as a virus. We have all up to date Dynamic Content as well.</P> Mon, 10 Aug 2020 17:46:28 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/microsoft-directory-services-ms-ds-smbv3-virus-win32-wgeneric/m-p/343083#M926 TerenceOyape 2020-08-10T17:46:28Z