https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/287838#M76754 <P>Hello ...</P><P>&nbsp;</P><P>I forwarded your email to my colleague who did the Hash lookup and he also found nothing threat related.</P><P>He also said its an OS update Win 10 file from Microsoft.&nbsp;</P><P>For the time being i allowed it but i am not sure should i keep it excluded.</P><P><span class="lia-unicode-emoji" title=":confused_face:">😕</span> ?</P> Wed, 11 Sep 2019 12:35:24 GMT khanshahidnazir 2019-09-11T12:35:24Z https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/286296#M76567 <P>Hi Guys</P><P>&nbsp;</P><P><SPAN>I was running a windows 7 to 10 update setup and in between i got some error.</SPAN></P><P><SPAN>After finding out (Wininetplugin.dll) is showing as Virus and that was the error reason.</SPAN></P><P>&nbsp;</P><P><SPAN>Could you guys please explain a bit more about this.</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks &amp; Appreciate</SPAN></P> Tue, 03 Sep 2019 11:31:41 GMT https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/286296#M76567 khanshahidnazir 2019-09-03T11:31:41Z https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/286351#M76574 <P>Good Day</P><P>&nbsp;</P><P>I looked at the Threat Vault from PANW, and do not see any false postive messages.</P><P>&nbsp;</P><P>What was the virus signature name and ID that you saw.</P><P>&nbsp;</P><P>How did you confirm that this .dll did NOT have a true positive virus attached to it?</P><P>Did you only rely on your endpoint AV not flagging it or quarating this file?</P><P>&nbsp;</P><P>Please advise, so we can help you.</P> Tue, 03 Sep 2019 18:09:15 GMT https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/286351#M76574 S.Cantwell 2019-09-03T18:09:15Z https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/286471#M76597 <P>Greetings &amp; Good Day To You Too ...</P><P>&nbsp;</P><P>This is the ID &amp; Virus Description&nbsp;</P><P>Threat ID&nbsp; &nbsp; &nbsp; &nbsp;:&nbsp; 268424925<BR />Threat Name :&nbsp; Virus/Win32.WGeneric.aavcql</P><P>&nbsp;</P><P>We tried in our corporate AV which is Symantec and it showed file as clean.</P><P>Would appreciate inputs from you.</P> Wed, 04 Sep 2019 05:35:57 GMT https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/286471#M76597 khanshahidnazir 2019-09-04T05:35:57Z https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/286835#M76656 <P>Howdy again.</P><P>&nbsp;</P><P>As I thought... how do you know that the Symantec had the most current signatures available to it.</P><P>The signature you provided, I went to the Threat Database and found the hash for the signature</P><P>&nbsp;</P><P>44e0fa6a16669f1ed7ae4ea7bb0ac2100f67faf1ab6d38a11d47b70eba205766</P><P class="">Name: Virus/Win32.WGeneric.aavcql</P><P class="tabbed-header Pre-71 Post-71">Unique Threat ID: 268424925</P><P class="">Create Time: 2019-05-01 20:42:43 (UTC)</P><P class="">&nbsp;</P><P>When I goto Virus Total, that specific hash cannot be found.&nbsp;</P><P>It has been documented that Wildfire can find Malware hours/days/weeks before the other AV vendors see it.</P><P>Now, I am not suggesting either way a false postive or not.&nbsp;</P><P>&nbsp;</P><P>From my (albeit layman) perspective, your AV did not find match a known AV signature</P><P>Are you able to confirm that your AV vendor has a signature for the hash above?</P><P>&nbsp;</P><P>So, if you AV is looking for an signature that is not in its database, does that imply that a new zero day malware could not evade detection?&nbsp; If that is true... then can you provide validation that the file is not, malware.</P><P>Absence of a response does not mean it is safe... it means there was no comparision... so still a gray area.</P><P>&nbsp;</P><P>Just my thoughts.&nbsp; You can open a ticket with TAC... eitherwise, we may be at an impasse.&nbsp; I simply do not know....</P><P>What do you suggest we do?</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 05 Sep 2019 23:09:37 GMT https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/286835#M76656 S.Cantwell 2019-09-05T23:09:37Z https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/287838#M76754 <P>Hello ...</P><P>&nbsp;</P><P>I forwarded your email to my colleague who did the Hash lookup and he also found nothing threat related.</P><P>He also said its an OS update Win 10 file from Microsoft.&nbsp;</P><P>For the time being i allowed it but i am not sure should i keep it excluded.</P><P><span class="lia-unicode-emoji" title=":confused_face:">😕</span> ?</P> Wed, 11 Sep 2019 12:35:24 GMT https://live.paloaltonetworks.com/t5/general-topics/wininetplugin-dll-showing-as-virus-in-pan-os-8-1-9-h4/m-p/287838#M76754 khanshahidnazir 2019-09-11T12:35:24Z