topic Re: False positive removal request (generic.ml) in VirusTotal

False positive removal request (generic.ml)

George2018 — Tue, 02 Jan 2018 16:42:11 GMT

2 versions of Dll file used in our company's privacy/anti-tracking app are falsely marked as generic.ml by Palo Alto engine (results based on Virustotal scan report.)

File version#1

File Hash: 6c7af7cf2a87f6a12be2b254cfc8349c

Link to Virustotal report for the file: https://www.virustotal.com/#/file/42db01439e1ab94638bb1c96b9e27a52c9a8a75e622e8f8df85241e895507cc7/details

Current VirustTotal Verdict: generic.ml

File version#2

File Hash: 5deecfe1beec58021a92e4838fc58e70

Link to Viristotal: https://www.virustotal.com/#/file/8ee884ec7bf9d728a15b3b5edcbf6de3197b822a842e8013725ecd2d8fee07c1/details

Current VirusTotal Verdict: generic.ml

These files are used by our app to provide anti-tracking and advertisment blocking services to our customers. Is there a possibility to whitelist these files by signature, so that we don't run into same FP in future? Thank you!

Re: False positive removal request (generic.ml)

George2018 — Fri, 05 Jan 2018 14:10:12 GMT

Still waiting for some feedback on our product case.

Re: False positive removal request (generic.ml)

bvandivier — Fri, 05 Jan 2018 16:01:24 GMT

Files with hash 42db01439e1ab94638bb1c96b9e27a52c9a8a75e622e8f8df85241e895507cc7 and 8ee884ec7bf9d728a15b3b5edcbf6de3197b822a842e8013725ecd2d8fee07c1 have been submitted for review by our analysts and verdict flip to benign.

Re: False positive removal request (generic.ml)

George2018 — Sat, 06 Jan 2018 11:05:16 GMT

Hi, thak you for an update, but on VT we still see the same result (detection with generic.ml). Do we have to wait for the update?

Also, is there a possibility to whitelist this file by our signature, so that it doesn't get marked in the upcoming versions of the product?

Re: False positive removal request (generic.ml)

mivaldi — Tue, 09 Jan 2018 19:31:59 GMT

You had to wait for the update, it's showing clean now. If I understood the update correctly from our analysts, the signer has been added to the trusted signer list, but I don't have a way to verify that at this time. If you observe a new FP, please make sure to request the signer be added to the trusted list to prevent FP's from reocurring.