https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/250372#M883 <P>File Hash: 44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3</P><P>Link to Virustotal report for the file: <A href="https://www.virustotal.com/en/file/44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3/analysis/1550490208/" target="_blank">https://www.virustotal.com/en/file/44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3/analysis/1550490208/</A></P><P>Virustotal verdict: 0/67</P><P>Description: Visma InSchool Primus client ver: W4.59.2</P> Mon, 18 Feb 2019 12:05:14 GMT Salde 2019-02-18T12:05:14Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/250372#M883 <P>File Hash: 44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3</P><P>Link to Virustotal report for the file: <A href="https://www.virustotal.com/en/file/44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3/analysis/1550490208/" target="_blank">https://www.virustotal.com/en/file/44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3/analysis/1550490208/</A></P><P>Virustotal verdict: 0/67</P><P>Description: Visma InSchool Primus client ver: W4.59.2</P> Mon, 18 Feb 2019 12:05:14 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/250372#M883 Salde 2019-02-18T12:05:14Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/250430#M884 <P>Hello</P><P>&nbsp;</P><P>This hash (<SPAN>44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3) is tied to a benign file.</SPAN></P><P>&nbsp;</P><P><SPAN>I have asked our team to check signatrue&nbsp;&nbsp;Virus/Win32.WGeneric.yeksq</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks</SPAN></P><P><SPAN>Himani</SPAN></P> Tue, 19 Feb 2019 07:48:06 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/250430#M884 hisingh 2019-02-19T07:48:06Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/250468#M887 <P>Hello,</P><P>&nbsp;</P><P>This signature is been disabled.</P><P>&nbsp;</P><P>Thanks</P><P>Himani</P> Tue, 19 Feb 2019 17:45:39 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/250468#M887 hisingh 2019-02-19T17:45:39Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/334007#M1480 <P>Even we have recieved&nbsp;Virus/Win32.WGeneric.aahwee signature&nbsp;Threat ID: 2001455.</P><P>&nbsp;</P><P>Any thoughts?&nbsp;</P> Thu, 18 Jun 2020 09:28:59 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/334007#M1480 srinivaskarthik 2020-06-18T09:28:59Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/334015#M1481 <P>Hi Himani,</P><P>Could you also check&nbsp;Virus/Win32.WGeneric.aahwee signature, Threat ID: 2001455 as we are getting to many alerts</P> Thu, 18 Jun 2020 09:38:51 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/334015#M1481 srinivaskarthik 2020-06-18T09:38:51Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/334187#M1483 <P>This forum is for non-customers reporting WildFire verdict FP's on VirusTotal.</P><P>If you have an AV signature triggering as an FP in your firewall, please open a Support case.</P> Thu, 18 Jun 2020 20:53:02 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/334187#M1483 mivaldi 2020-06-18T20:53:02Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/395894#M1829 <P>Hi Team,&nbsp;</P><P>Lately I have started seeing lots of&nbsp; Threat Logs for Threat ID&nbsp;406494039 which is for&nbsp;Virus/Win32.WGeneric.bcqcxs as per&nbsp;<A href="https://threatvault.paloaltonetworks.com/" target="_blank">https://threatvault.paloaltonetworks.com/</A>&nbsp;however the hashes provided in the signature/threat ID definition i have checked in Virus Total and other hash file repuation check , these are not reported any where so i have few question</P><P>&nbsp;</P><P>1)If the hashes (below mentioned )corresponding to which this threat is checking are not malicious in any way then why the alert is triggering ?<BR /><BR />2) Since Palo alto is blocking these connection based on Threat ID and sending reset-both to client and server then why firewall resets the connection continuously i have seen 700+ logs&nbsp; in less 11 hours so what this signifies some one was accessing the file continuously for 11 hours if not then why did firewall kept on sending reset-both for 11 hours ?</P><P>&nbsp;</P><P>I would request you to please answer the above questions as soon as possible also i did not found a way to post a new question hence asking my questions here ..thanks&nbsp;</P> Mon, 05 Apr 2021 21:35:09 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/395894#M1829 PratulSingh 2021-04-05T21:35:09Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/396353#M1830 <P>Please provide an answer to the above questions ASAP.&nbsp;</P> Wed, 07 Apr 2021 15:13:43 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/396353#M1830 PratulSingh 2021-04-07T15:13:43Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/539347#M2370 <P>&nbsp;</P> <SECTION data-reactid=".0.1.1:$VbSpS"> <DIV class="bootstrap-table"> <DIV class="fixed-table-container"> <DIV class="fixed-table-body"> <P>Can I get assistance on this false positive.<BR /><BR /></P> <TABLE id="antivirus-signatures" class="table table-bordered pan-grid table-hover" data-pagination="true" data-toggle="table" data-pagination-v-align="top" data-reactid=".0.1.1:$VbSpS.1"> <TBODY data-reactid=".0.1.1:$VbSpS.1.1"> <TR data-index="0" data-reactid=".0.1.1:$VbSpS.1.1.0"> <TD data-reactid=".0.1.1:$VbSpS.1.1.0.2"> <DIV data-reactid=".0.1.1:$VbSpS.1.1.0.2.0"> <P class="hash sha256" data-reactid=".0.1.1:$VbSpS.1.1.0.2.0.0">9a27f17d859d7f60a26030c7a0ef3698ffa0ff5ff4230963e52ab79a6a4dacdf</P> </DIV> </TD> </TR> </TBODY> </TABLE> <P><SPAN>Virus/Win32.WGeneric.dyafjk<BR /></SPAN></P> <P class="" data-reactid=".0.1.1:$VbSpS.1.1.0.0.1">Unique Threat ID: 575312775<BR /><SPAN>Create Time: 2023-03-15 02:43:51 (UTC)</SPAN></P> <P class="" data-reactid=".0.1.1:$VbSpS.1.1.0.0.1">&nbsp;</P> <P>&nbsp;</P> </DIV> </DIV> </DIV> </SECTION> Wed, 19 Apr 2023 11:52:49 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/539347#M2370 Salathiwe 2023-04-19T11:52:49Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/539430#M2371 <P>please create a new post and include the information requested in the pinned post.</P> Wed, 19 Apr 2023 23:19:12 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/539430#M2371 DaBone 2023-04-19T23:19:12Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/565625#M2418 <P>Hello, this virus seems false positive. Its getting blocked at the firewall.&nbsp;<BR /><SPAN>Virus/Win32.WGeneric.atqfjb</SPAN><BR /><SPAN>a5bf3c0390b210abd3dacd1eb6d767b66962e0658470ac0b64ad281771ea9d0e</SPAN></P> Tue, 14 Nov 2023 15:49:37 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/565625#M2418 shahzb 2023-11-14T15:49:37Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/565677#M2419 <P>please create a new post&nbsp;</P> Tue, 14 Nov 2023 20:11:29 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/565677#M2419 DaBone 2023-11-14T20:11:29Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/575270#M2432 <P>Hello all,</P> <P>When I am trying to download&nbsp;<A href="https://marketplace.visualstudio.com/items?itemName=ritwickdey.LiveServer" target="_blank">https://marketplace.visualstudio.com/items?itemName=ritwickdey.LiveServer</A>&nbsp;this extension. <SPAN>Its getting blocked at the firewall via this signature&nbsp;</SPAN><EM>Virus/Win32.WGeneric.atqfjb.</EM></P> <P>&nbsp;</P> <P>Is that false positive ?</P> Thu, 01 Feb 2024 09:32:25 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/575270#M2432 tombombadil 2024-02-01T09:32:25Z https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/575551#M2433 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/263943">@tomber</a>&nbsp;You should open a Support ticket for this. This forum is mean to provide assistance to VirusTotal users that are&nbsp;not Palo Alto Networks customers, regarding FP detections by Palo Alto Networks observed in VirusTotal detection reports, and not in firewalls.</P> Fri, 02 Feb 2024 18:14:36 GMT https://live.paloaltonetworks.com/t5/virustotal/false-positive-virus-win32-wgeneric-yeksq/m-p/575551#M2433 mivaldi 2024-02-02T18:14:36Z