topic Re: False positive removal request-generic.ml in VirusTotal

False positive removal request-generic.ml

vinod_r2 — Wed, 14 Feb 2018 15:12:02 GMT

We are seeing False positive on our binaries , request assitance to Whitelist this... if possible also point me to place for proactive whitelisting to avoid detection in future on other binaries as all our binaries are signed

File Hash: 07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b

Link to Virustotal report for the file: https://www.virustotal.com/#/file/07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b/detection

Current VirustTotal Verdict: generic.ml

Description: In house file used by support reps. digitally signed binaries.

File Hash: c1e0ca19ca664ffb65db7957fabc5ad2

Link to Virustotal report for the file: https://www.virustotal.com/#/file/07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b/detection

Current VirustTotal Verdict: generic.ml

Description: In house file used by support reps. digitally signed binaries.

Re: False positive removal request-generic.ml

bvandivier — Wed, 14 Feb 2018 15:29:23 GMT

Both files have been queued for review. Please allow us 24 to 48 hours to process these samples.

Re: False positive removal request-generic.ml

vinod_r2 — Wed, 14 Feb 2018 15:35:48 GMT

that was super quick response to the post... appreciate it.. will await a response.

btw- if there are options for whitelisting proactively do share the same , appreciate the help

Re: False positive removal request-generic.ml

mivaldi — Wed, 14 Feb 2018 22:58:08 GMT

We can whitelist a signer. Are these samples digitally signed?

Re: False positive removal request-generic.ml

vinod_r2 — Thu, 15 Feb 2018 07:33:32 GMT

Yes all our binaries are digitally signed by SHA256 and sha1 signatures.. EV authenticode

Re: False positive removal request-generic.ml

bvandivier — Thu, 15 Feb 2018 16:15:36 GMT

Both samples were update to "benign" as of 9:43 CST this morning. Please allow some time for this change to be reflected on virustotal.com.

Re: False positive removal request-generic.ml

vinod_r2 — Mon, 26 Feb 2018 16:17:04 GMT

What is the process to proceed for whitelist based on signature?.. would love to take this up to avoid chasing detection for suppression etc.....

Re: False positive removal request-generic.ml

mivaldi — Tue, 27 Feb 2018 23:23:51 GMT

The next time you submit an FP, please ask the signer to be whitelisted.

Re: False positive removal request-generic.ml

vinod_r2 — Wed, 28 Feb 2018 09:33:12 GMT

Wondering if we should wait for a False positive to occur and then raise this request. Would it not be easier for all if we proceed with the CA whitelisting now than later so its more proactive rather reactive. if the team requires more file samples or such happy to supply those

Re: False positive removal request-generic.ml

mivaldi — Thu, 01 Mar 2018 23:35:43 GMT

Ok, I opened an internal request for you, will let you know once our threat researchers review the sample's signer.

Re: False positive removal request-generic.ml

vinod_r2 — Fri, 02 Mar 2018 07:16:47 GMT

Thank you.

Re: False positive removal request-generic.ml

mivaldi — Fri, 02 Mar 2018 18:56:55 GMT

The signer's related samples have been reviewed, and there is now a formal WildFire Cloud request to have 'Sutherland Global Services, Inc.' added to our whitelist.