https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-qqpeo-199010010/m-p/284301#M1167 <P>I'm getting a similar false positive for&nbsp;<SPAN>Microsoft Directory Services/ms-ds-smbv3 - </SPAN>Virus/Win32.WGeneric.adwxyf. Occurs when attempting to copy Symantec Antivirus from a share.&nbsp;</P> Wed, 21 Aug 2019 03:43:00 GMT HenryFoss 2019-08-21T03:43:00Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-qqpeo-199010010/m-p/271698#M1098 <P>Hello,</P><P>&nbsp;</P><P>We are getting several false positives for the following:</P><P>Hashes: MD5 -&nbsp;</P><P class="hash md5">522aaef14fd04b0cfbb92a5fb67f8daa</P><P class="hash md5">c5d262166b7f4e9972d7e3e25df36d5c</P><P class="hash md5">1910b1d2c94992fc21c6431a0eae1d78</P><P class="hash md5">1ea5f8f65c07140d6fe639cf792a210c</P><P class="hash md5">ffabe0604710b1070d044aa137465cd1</P><P class="hash md5">48b696a3e96865a38cb4ee6c34163f19</P><P class="hash md5">8d6abf4c351ee1d30ba40ddd61a2d60f</P><P class="hash md5">b636ebe64a2905f61d659a854c5d5cf4</P><P class="hash md5">e4de7fb09f13c7d0cb4d31083a1b6706</P><P class="hash md5">ef002bca6c0f92debfa2d896a727ceaa</P><P><A href="https://www.virustotal.com/gui/file/866aef3c8c9b4a7ccf6d6cad22a8b05d0ffed8e18590ec3d3e5b734d771363e3/detection" target="_blank" rel="noopener">https://www.virustotal.com/gui/file/866aef3c8c9b4a7ccf6d6cad22a8b05d0ffed8e18590ec3d3e5b734d771363e3/detection</A></P> Thu, 20 Jun 2019 13:50:06 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-qqpeo-199010010/m-p/271698#M1098 Andrew_Gahan 2019-06-20T13:50:06Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-qqpeo-199010010/m-p/284301#M1167 <P>I'm getting a similar false positive for&nbsp;<SPAN>Microsoft Directory Services/ms-ds-smbv3 - </SPAN>Virus/Win32.WGeneric.adwxyf. Occurs when attempting to copy Symantec Antivirus from a share.&nbsp;</P> Wed, 21 Aug 2019 03:43:00 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-qqpeo-199010010/m-p/284301#M1167 HenryFoss 2019-08-21T03:43:00Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-qqpeo-199010010/m-p/284379#M1169 <P>UPDATE:</P><P>&nbsp;</P><P>Turns out there was a GPO to not permit logins to multiple sessions. This GPO called on a directory and copied some files locally. It wasn't until we started looking at the AV in addition to Palo we saw there was a "login.exe" being detected and flagged. After moving the user's OU and deleting the local copy, the GPO no logger applied and the alerts ceased.</P><P>&nbsp;</P><P>Luckily there was a "misc:" field in the Palo alert which eventually tipped us off.</P><P>&nbsp;</P><P>Best of luck!</P> Wed, 21 Aug 2019 16:35:35 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-qqpeo-199010010/m-p/284379#M1169 Andrew_Gahan 2019-08-21T16:35:35Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-qqpeo-199010010/m-p/286598#M1184 <P>In the future open a case with Palo Alto networks through your portal. THis is not the place to discuss your private network.&nbsp;</P><P>As a Palo Alto customer you have Support included and we could find and fix this much faster without exposing your files to the internet.&nbsp;</P> Wed, 04 Sep 2019 15:54:17 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-qqpeo-199010010/m-p/286598#M1184 dparris 2019-09-04T15:54:17Z