topic Re: False positive detected for Radioplayer app. Please white list. in VirusTotal

False positive detected for Radioplayer app. Please white list.

billbest21 — Tue, 28 Feb 2023 20:31:36 GMT

Our app, Radioplayer v6.6, has been tagged by Cortex XDR as malware.

Please whitelist it.

We're a reputable non-profit company: https://www.radioplayer.org

Re: False positive detected for Radioplayer app. Please white list.

DaBone — Tue, 28 Feb 2023 21:23:50 GMT

Hello,

Please provide the requested information in the format that is outlined in the pinned thread at the top of this forum.
https://live.paloaltonetworks.com/t5/virustotal/virustotal-verdict-change-request-for-false-positive/td-p/287364

Re: False positive detected for Radioplayer app. Please white list.

Gustavo_Aristi — Tue, 28 Feb 2023 21:29:03 GMT

I had a similar instance with the Spectrum App.

I would recommend to go to the Cortex XDR tenant and find this specific incident. Locate the wildfire information and identify the action/behavior that triggered that verdict.

In the case of the Spectrum mobile app, I downloaded the Wildfire report from Cortex XDR and found out that this app was trying to contact a fishy URL. The URL had no information and was potentially malicious (virustotal was inconclusive I think, can't remember), it could have been just a brand new domain which could also trigger URL filtering to flag as malicious.

Example of another similar incident:

Re: False positive detected for Radioplayer app. Please white list.

billbest21 — Tue, 28 Feb 2023 21:32:17 GMT

Info given in screenshots posted above.

App hash: f80297408af811666d54e5305accd9b27cbf0713097014a94f91c3ac7d6d16a1

Signature hash: f2782f7234b6091b1693bbeedffacc45

Link to Virustotal report for the file: unknown

Current VirustTotal Verdict: Malware

Description: see screenshots

Re: False positive detected for Radioplayer app. Please white list.

billbest21 — Tue, 28 Feb 2023 21:35:55 GMT

Thank you.

Unfortunately, I don't know what this means:

I would recommend to go to the Cortex XDR tenant

Re: False positive detected for Radioplayer app. Please white list.

Gustavo_Aristi — Tue, 28 Feb 2023 21:42:33 GMT

Gotcha, no problem. Whomever installed Cortex XDR agent on your device perhaps your IT department, or your managed services provider, etc, would know.

That is the central point of intelligence for your Cortex XDR deployment. Your Cortex XDR agent is connected to it and sends information to this central location and this central location sends information back to your device as well as instructions.

Your Cortex XDR / IT / Security team could also report the verdict as incorrect as follows:

I would first take a look at the previously mentioned Wildfire report to get a concrete idea of what triggered this verdict. This is potentially something that the developers of the the radioplayer app will find useful and will address it.

Re: False positive detected for Radioplayer app. Please white list.

DaBone — Tue, 28 Feb 2023 21:55:51 GMT

I've submitted this file for review.