topic Win32.malicious.dhlx in General Topics

Win32.malicious.dhlx

jdprovine — Wed, 02 Nov 2016 15:45:18 GMT

Is anyone seeing this on their palo alot blocking some traffic?

Re: Win32.malicious.dhlx

BenjAudy.MTL — Wed, 02 Nov 2016 16:06:12 GMT

Hi,

I only saw it a few times for a JAR file. It's probably a false positive, since the name of the virus contains Win32 and it has nothing to do with a Java archive.

Benjamin

Re: Win32.malicious.dhlx

jdprovine — Wed, 02 Nov 2016 16:11:15 GMT

Yeah thats what I thought too so I submitted it to PA to check and make sure its a false positive

Re: Win32.malicious.dhlx

MangoTango — Thu, 03 Nov 2016 13:29:04 GMT

We were seeing a large amount of false positives with the signature also. Opened up a support case, the problem has been fixed in the latest content update.

Re: Win32.malicious.dhlx

jdprovine — Thu, 03 Nov 2016 21:09:31 GMT

This is the second or third time we have come across this issue in the last few months