topic FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771) in General Topics

FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771)

Alex_Graser — Mon, 21 Dec 2015 13:22:01 GMT

Hello Community!

I wonder if anyone else is getting a FalsPositive-Hit in AntiVirus-Protection on downloading Silverlight.exe?

When we use the following Link: http://go.microsoft.com/fwlink/?LinkID=623682

the page is blocked do to AntiVirus-Profile. In our ThreatLog we can see that the file Silverlight.exe is beeing blocked because it is identified as Virus/Win32.slugin.ozi ID: 2044771.

We are running a PA-3020 in an HA-Pair with the follwing SW-Version:

sw-version: 6.1.6

app-version: 546-3064
app-release-date: 2015/12/17 13:57:30
av-version: 1724-2202
av-release-date: 2015/12/20 04:00:02
threat-version: 546-3064
threat-release-date: 2015/12/17 13:57:30

wildfire-version: 83278-90094
wildfire-release-date: 2015/12/21 04:16:02

I downloaded the file an run a scan on VirusTotal with the following result:

SHA256:	bd7ec2cd5d5e31d39a183854c587681f49d1fc0de47ef79ab0ea6d509de64938
Dateiname:	Silverlight.exe
Erkennungsrate:	0 / 53
Analyse-Datum:	2015-12-21 13:18:55 UTC ( vor 1 Minute )

Probably harmless! There are strong indicators suggesting that this file is safe to use.

To me it seems to be a FalsePositive.

Is anyone seeing the same issue?

Thanks,

Alex.

Re: FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771)

Brandon_Wertz — Mon, 21 Dec 2015 18:29:44 GMT

We haven't...(20k+ users)

Re: FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771)

Alex_Graser — Wed, 23 Dec 2015 10:57:08 GMT

Thanks for your info, Brandon!

I did another test today (using this link: http://go.microsoft.com/fwlink/?LinkID=623682 ) , since were now on AV-Version 1726-2204, but again it is identified as Virus/Win32.slugin.ozi ID: 2044771

In our AV-Profile we set the action for http to block. Never had any issues before.

VirusTotal still states: Probably harmless! There are strong indicators suggesting that this file is safe to use.

Alex.

Re: FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771)

reaper — Wed, 23 Dec 2015 12:08:39 GMT

Hi Alex

Did you open a support case with TAC? They could investigate and remediate the issue

regards

Tom

Re: FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771)

Retired Member — Thu, 24 Dec 2015 19:56:26 GMT

We have the same issue.

Our PA found it in traffc between our WSUS server and Windows 7 client.

Apparently our other PA did not detect if when the WSUS server downloaded it from the Internet or at that moment its was running antoher AV definition version.

Re: FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771)

OtakarKlier — Thu, 24 Dec 2015 20:46:57 GMT

I just downloaded Silverlight via the link that was posted and WildFire saw it as clean.

Here are the versions we are currently running:

Sounds like a TAC case is the best option?

Re: FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771)

Alex_Graser — Mon, 28 Dec 2015 08:24:56 GMT

Thanks for all of your replies!

I didn´t open a case yet, because it looks like i´m not able to open one direct at PaloAlto. We have Premium Partner Support, so I think I would have to contact our Partner. Now, between Christmas and NewYear it´s a little bit tricky here!

Anyway, I tested again today, since we´re now an AV-Version 1731-2209 (12/27/15) and it looks like it is corrected now!

Maybe anyone else contacted TAC 😉

Thanks to all!

Alex.