https://live.paloaltonetworks.com/t5/virustotal/frequent-quot-generic-ml-quot-false-positives/m-p/303867#M1274 <P>Hi,&nbsp;</P><P>&nbsp;</P><P>We are a consumer software publisher, and since this year's March we're forced to continuously struggle with the mentioned frequent false-positives from your engine's side on a weekly (<EM>if not to say daily</EM>) basis.</P><P>&nbsp;</P><P>We're releasing new files (<EM>installers of our apps, which are many</EM>) on a daily basis, and the vicious circle here looks something like the following:</P><P>&nbsp;－&nbsp;we're detecting a ‘pack’ of the false-positives from your end - tens of our files get falsely flagged by your engine each time</P><P>&nbsp;－ we're uploading all the flagged files to our VirusTotal Monitor Collection</P><P>&nbsp;－ you usually stop flagging the files within a day or two after that, sometimes a bit longer,&nbsp;but in the mean-time - we're detecting another ‘pack’ of your false-positives again, then everything repeats</P><P>&nbsp;</P><P>We have really lots of files, and their number is growing, so we're just not able to detect every false-positive immediately. Also, the limited storage space, provided by the VT Monitor Service, doesn't allow us to retain all our files, so we have to&nbsp;cull what to upload there <STRONG>manually</STRONG> and then upload <STRONG>manually</STRONG> - this can't be done immediately too. As soon as we've uploaded all necessary files to the VTmonitor Collection, you're resolving the flags fairly fast, yet anyway - not immediately as well. Everything this in sum means that a lot of our customers have more than enough time to actually see the false flags. Needless to say that it isn't good for our&nbsp;reputation at least.</P><P>&nbsp;</P><P>Our question is: how can we stop this from being the case? What we can actually do now is to post-deal with the problem only, but are there any&nbsp;preventive actions we are able to take? Can you do something from your side to finally stop falsely flagging our files?</P><P>&nbsp;</P><P>Regards,</P> Mon, 16 Dec 2019 13:48:37 GMT NCH_Soft 2019-12-16T13:48:37Z https://live.paloaltonetworks.com/t5/virustotal/frequent-quot-generic-ml-quot-false-positives/m-p/303867#M1274 <P>Hi,&nbsp;</P><P>&nbsp;</P><P>We are a consumer software publisher, and since this year's March we're forced to continuously struggle with the mentioned frequent false-positives from your engine's side on a weekly (<EM>if not to say daily</EM>) basis.</P><P>&nbsp;</P><P>We're releasing new files (<EM>installers of our apps, which are many</EM>) on a daily basis, and the vicious circle here looks something like the following:</P><P>&nbsp;－&nbsp;we're detecting a ‘pack’ of the false-positives from your end - tens of our files get falsely flagged by your engine each time</P><P>&nbsp;－ we're uploading all the flagged files to our VirusTotal Monitor Collection</P><P>&nbsp;－ you usually stop flagging the files within a day or two after that, sometimes a bit longer,&nbsp;but in the mean-time - we're detecting another ‘pack’ of your false-positives again, then everything repeats</P><P>&nbsp;</P><P>We have really lots of files, and their number is growing, so we're just not able to detect every false-positive immediately. Also, the limited storage space, provided by the VT Monitor Service, doesn't allow us to retain all our files, so we have to&nbsp;cull what to upload there <STRONG>manually</STRONG> and then upload <STRONG>manually</STRONG> - this can't be done immediately too. As soon as we've uploaded all necessary files to the VTmonitor Collection, you're resolving the flags fairly fast, yet anyway - not immediately as well. Everything this in sum means that a lot of our customers have more than enough time to actually see the false flags. Needless to say that it isn't good for our&nbsp;reputation at least.</P><P>&nbsp;</P><P>Our question is: how can we stop this from being the case? What we can actually do now is to post-deal with the problem only, but are there any&nbsp;preventive actions we are able to take? Can you do something from your side to finally stop falsely flagging our files?</P><P>&nbsp;</P><P>Regards,</P> Mon, 16 Dec 2019 13:48:37 GMT https://live.paloaltonetworks.com/t5/virustotal/frequent-quot-generic-ml-quot-false-positives/m-p/303867#M1274 NCH_Soft 2019-12-16T13:48:37Z https://live.paloaltonetworks.com/t5/virustotal/frequent-quot-generic-ml-quot-false-positives/m-p/304717#M1277 <P>Hi, PaloAlto,&nbsp;</P><P>&nbsp;</P><P>We can see our topic was escalated... Thanks, but we haven't heard anything back from you for a week. Do you perhaps need us to provide you with something more in order to get this resolved a little bit more promptly?</P><P>&nbsp;</P><P>Regards,</P> Mon, 23 Dec 2019 12:43:48 GMT https://live.paloaltonetworks.com/t5/virustotal/frequent-quot-generic-ml-quot-false-positives/m-p/304717#M1277 NCH_Soft 2019-12-23T12:43:48Z https://live.paloaltonetworks.com/t5/virustotal/frequent-quot-generic-ml-quot-false-positives/m-p/305044#M1279 <P>Dear PaloAlto,&nbsp;</P><P>&nbsp;</P><P>We've discovered new false-positives against our files: 111 in total, and 100 out of these - from your <STRONG>"</STRONG>Palo Alto Networks (Known Signatures)<STRONG>"</STRONG> engine (<EM>Paloalto - version: 1.0 - update: 20191226</EM>). Kindly refer to the following screenshot:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Screenshot 2019-12-27 06.47.02 PAn (KS).png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23243i5E69E3A3911EF262/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screenshot 2019-12-27 06.47.02 PAn (KS).png" alt="Screenshot 2019-12-27 06.47.02 PAn (KS).png" /></span></P><P>&nbsp;<EM><STRONG>(</STRONG></EM><A title="https://www.virustotal.com/en/file/f4e79cf49c4123a3f8e621d308776abef303660f990e471151b60783c5e9bbed/analysis/1577259339" href="https://www.virustotal.com/en/file/f4e79cf49c4123a3f8e621d308776abef303660f990e471151b60783c5e9bbed/analysis/1577259339" target="_blank" rel="noopener">https://www.virustotal.com/en/file/f4e79cf49c4123a3f8e621d308776abef303660f990e471151b60783c5e9bbed/analysis/1577259339</A><EM><STRONG>)</STRONG></EM>&nbsp;</P><P>&nbsp;</P><P>Please do something about that, this has become quite a considerable problem for us, and it lasts too long and too invasive...</P><P>&nbsp;</P><P>Regards,</P> Fri, 27 Dec 2019 09:14:21 GMT https://live.paloaltonetworks.com/t5/virustotal/frequent-quot-generic-ml-quot-false-positives/m-p/305044#M1279 NCH_Soft 2019-12-27T09:14:21Z