Wininetplugin.dll showing as Virus in PAN OS 8.1.9 h4

L1 Bithead

Wininetplugin.dll showing as Virus in PAN OS 8.1.9 h4

Hi Guys

I was running a Windows 7 to 10 update setup and in between I got some error.

After that I found out (Wininetplugin.dll) is showing as a virus, and that was the reason for the error.

Could you guys please explain a bit more about this?

Thanks & Appreciate

L4 Transporter

Re: Wininetplugin.dll showing as Virus in PAN OS 8.1.9 h4

Good Day

I looked at the Threat Vault from PANW, and do not see any false positive messages.

What was the virus signature name and ID that you saw?

How did you confirm that this .dll did NOT have a true positive virus attached to it?

Did you only rely on your endpoint AV not flagging or quarantining this file?

Please advise, so we can help you.

L1 Bithead

Re: Wininetplugin.dll showing as Virus in PAN OS 8.1.9 h4

Greetings & Good Day To You Too ...

This is the ID & Virus Description:

Threat ID: 268424925
Threat Name: Virus/Win32.WGeneric.aavcql

We tried it in our corporate AV, which is Symantec, and it showed the file as clean.

Would appreciate inputs from you.

L4 Transporter

Re: Wininetplugin.dll showing as Virus in PAN OS 8.1.9 h4

Howdy again.

As I thought... how do you know that Symantec had the most current signatures available to it?

For the signature you provided, I went to the Threat Database and found the hash for the signature:

44e0fa6a16669f1ed7ae4ea7bb0ac2100f67faf1ab6d38a11d47b70eba205766

Name: Virus/Win32.WGeneric.aavcql

Unique Threat ID: 268424925

Create Time: 2019-05-01 20:42:43 (UTC)

When I go to VirusTotal, that specific hash cannot be found.

It has been documented that WildFire can find malware hours/days/weeks before the other AV vendors see it.

Now, I am not suggesting either way, a false positive or not.

From my (albeit layman) perspective, your AV did not find a match for a known AV signature.

Are you able to confirm that your AV vendor has a signature for the hash above?

So, if your AV is looking for a signature that is not in its database, does that imply that a new zero day malware could not evade detection? If that is true... then can you provide validation that the file is not malware?

Absence of a response does not mean it is safe... it means there was no comparison... so still a gray area.

Just my thoughts. You can open a ticket with TAC... otherwise, we may be at an impasse. I simply do not know....

What do you suggest we do?


L1 Bithead

Re: Wininetplugin.dll showing as Virus in PAN OS 8.1.9 h4

Hello ...

I forwarded your email to my colleague, who did the hash lookup, and he also found nothing threat related.

He also said it's an OS update Win 10 file from Microsoft.

For the time being I allowed it, but I am not sure whether I should keep it excluded.

:/ ?
