https://live.paloaltonetworks.com/t5/virustotal/false-positive-removal-request-generic-ml/m-p/242900#M834 <P>Hello,</P><P>&nbsp;</P><P>I heard from our team, the verdict for this file is changed to benign. This change is immediately&nbsp;reflected in the WildFire and within 24-48 hours in our Anti Virus.</P><P>&nbsp;</P><P>Thanks</P><P>Himani</P> Tue, 11 Dec 2018 21:19:33 GMT hisingh 2018-12-11T21:19:33Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-removal-request-generic-ml/m-p/242720#M832 <P class="engine style-scope vt-detections">&nbsp;</P><P>SHA-256</P><TABLE><TBODY><TR><TD>cf9a5ca5ad376234ba38d374d855fce048dd7abda4955a4548874d412fb4355e</TD></TR><TR><TD>Vox_Imago_PC.exe</TD></TR><TR><TD>236 KB</TD></TR><TR><TD>2018-12-10 14:00:51 UTC</TD></TR></TBODY></TABLE><P>&nbsp;</P><P><A href="https://www.virustotal.com/#/file/cf9a5ca5ad376234ba38d374d855fce048dd7abda4955a4548874d412fb4355e/detection" target="_blank">https://www.virustotal.com/#/file/cf9a5ca5ad376234ba38d374d855fce048dd7abda4955a4548874d412fb4355e/detection</A></P><P>&nbsp;</P><P>You can download a sample from <A href="http://giga.simetranet.com/Vox_Imago_PC.zip" target="_blank">http://giga.simetranet.com/Vox_Imago_PC.zip</A></P><P>is a password protected zip file the archive password is "infected"</P><P>&nbsp;</P><P>This is a FALSE POSITIVE, please we kindly request to correct your antivirus detection</P><P><BR />This an executable for a ROM track (DVD-ROM) Multimedia DVD that simply auto-execute the multimedia application present in the dvd-rom.</P><P>We made the executable and it isn't a virus or malware but actually it is recognized by your antivirus heuristic code as a malware-like.</P><P>We hereby declare that this code doesn't contain any malware or virus code, the executable will generate a simple BAT file that will change directory and call another executable in the cd-rom executing those shell commands:<BR />--<BR />cd voximago<BR />Vox_Imago_PC.exe<BR />--<BR />Actually is needed because the real executable only work in a sub-directory but we need to execute it from the root directory of the cd-rom.<BR /><BR />We are requesting to be identified as secure also because we can’t modify the cd-rom already distribuited.<BR /><BR />Thankyou very much.<BR />Best regards.</P><P>--</P><P>Carlo Santagostino</P><P><A href="mailto:carlo@sugartec.it" target="_blank">carlo@sugartec.it</A></P><P>+39 371 1437050</P><P>SUGARTEC by NORMADIGITAL SRL</P><P>Sede legale: Viale Renato Serra 6 – 20148 – Milano (MI)</P><P>Tel. +39.02.84258991 - Fax. +39.02.87183135 – <A href="mailto:info@sugartec.it" target="_blank">info@sugartec.it</A> – <A href="http://www.sugartec.it" target="_blank">www.sugartec.it</A></P><P>Registro delle Imprese di Milano - Codice Fiscale e P.I. n. 08885450968 - C.C.I.A.A. di Milano R.E.A. n. MI-2054939</P><P>&nbsp;</P> Mon, 10 Dec 2018 14:40:22 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-removal-request-generic-ml/m-p/242720#M832 Normadigital 2018-12-10T14:40:22Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-removal-request-generic-ml/m-p/242753#M833 <P>Hi Normadigital,</P><P>&nbsp;</P><P>The VT scan is 18/67.&nbsp;</P><P>I have submitted this sample to our malware team. I will update once I hear from them.</P><P>&nbsp;</P><P>&nbsp;</P><P>Best Regards</P><P>Himani</P> Mon, 10 Dec 2018 19:42:05 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-removal-request-generic-ml/m-p/242753#M833 hisingh 2018-12-10T19:42:05Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-removal-request-generic-ml/m-p/242900#M834 <P>Hello,</P><P>&nbsp;</P><P>I heard from our team, the verdict for this file is changed to benign. This change is immediately&nbsp;reflected in the WildFire and within 24-48 hours in our Anti Virus.</P><P>&nbsp;</P><P>Thanks</P><P>Himani</P> Tue, 11 Dec 2018 21:19:33 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-removal-request-generic-ml/m-p/242900#M834 hisingh 2018-12-11T21:19:33Z