topic Re: Removal from high-risk due to false positive in VirusTotal

Removal from high-risk due to false positive

Electask — Thu, 02 Nov 2023 22:07:57 GMT

Hi,

Our website, electask.com, was recently cleared of a false positive by CDRF and now has 0/90 vendors on VirusTotal flagging us as malicious. Can you please reduce our risk level?

https://www.virustotal.com/gui/url/8e1462a33ee7402dd3c3168239d3fe50cb0f5a8fc85527043398cf64e1dc3801?nocache=1

Best,

Max

Re: Removal from high-risk due to false positive

DaBone — Thu, 02 Nov 2023 22:15:56 GMT

This is not the place for these types of requests. This is for files and for non-customers to request a verdict change for their files.

The reason you are seeing a high risk by Palo Alto Networks is due to this URL being deemed malware:

electask[.]com/k56b

You can do a Request Change here:
https://urlfiltering.paloaltonetworks.com/

We will then do a manual review of the URL.

Re: Removal from high-risk due to false positive

Electask — Thu, 02 Nov 2023 22:17:45 GMT

Thank you. https://www.electask.com/k56b just directs to a 404. I'll submit a review

Re: Removal from high-risk due to false positive

Electask — Thu, 02 Nov 2023 22:21:00 GMT

Hi Dabone,

When I submit a request it gives me the following message:

"If you are trying to change the Risk rating, this cannot be done via Change Request. If the Risk rating is incorrect, please contact support."

Before this forum, I've tried half a dozen times to contact support via phone, chat, and submitting on the website but have been unable to reach anyone. Do you have any advice?

Re: Removal from high-risk due to false positive

DaBone — Thu, 02 Nov 2023 22:23:44 GMT

Are you a Palo Alto customer? If so, open a TAC case. If not, you can do the Request Change, and if it is changed, the Risk level will be lowered after ~30 days.

Re: Removal from high-risk due to false positive

Electask — Thu, 02 Nov 2023 22:28:48 GMT

I am not a customer. Is there anyway to get it faster than 30 days? Our customers use PANW and it’s impacting our business

Re: Removal from high-risk due to false positive

DaBone — Fri, 03 Nov 2023 01:39:20 GMT

Hello,
I have engaged our internal PANDB team to review this issue.
Here is a link to the ticket for reference. This is not a public facing domain. This is for reference for those that can assist with any updates. This could take a couple of working days for a response.
PDE-2806

Re: Removal from high-risk due to false positive

Electask — Fri, 03 Nov 2023 12:34:51 GMT

You're awesome. Thank you very much for the help!

Re: Removal from high-risk due to false positive

Electask — Mon, 06 Nov 2023 17:57:42 GMT

Hi DaBone,

I'm still seeing us as "high-risk." Is there any update on your end? Thank you again very much for looking into this.

Best,

Max

Re: Removal from high-risk due to false positive

tsullivan7 — Mon, 06 Nov 2023 22:44:38 GMT

I inquired from the engineers about the progress on this issue.

Re: Removal from high-risk due to false positive

DaBone — Tue, 07 Nov 2023 00:09:32 GMT

here is the response from our internal engineering team.

This domain was released as high-risk on 10/12/2023 as we observed the malicious child URL electask[.]com/k56b (VT 7 hits) on the same day. Our standard policy is to re-evaluate the risk level 30 days after the last release (i.e. 11/12/2023) and lower the risk if the malicious URL(s) are no longer present. However, I manually analyzed the domain and since the malicious URL is cleaned now, we lowered the risk to low-risk now.

==========

electask.com is now Low Risk

Re: Removal from high-risk due to false positive

Electask — Tue, 07 Nov 2023 00:19:51 GMT

You all are awesome! Thank you so much!

Max

Re: Removal from high-risk due to false positive

DaBone — Tue, 07 Nov 2023 00:28:28 GMT

You're very welcome; we are happy to help.