THREAT false positives on MS software when using Global Protect.

Reply
L0 Member

THREAT false positives on MS software when using Global Protect.

I'm seeing what look slike a lot of false positives when using global protect. For example, Microsoft's Logon.exe excutable and any MS Endpoint patches

An example is

AM_Engine_Patch_1.1.15400.4.exe
SHA-256 Hash: 74f9dc35fc9f5ab02e46843e8ccf569478961ea58dc2655690516199c1eab928

which PAN-OS 8.0.7 is flagging as Virus/Win32.WGeneric.tphtk(214705593)

 

I didn't spot anything in release notes for 8.0.7+ that

Highlighted
L7 Applicator

Re: THREAT false positives on MS software when using Global Protect.

Hello,

We occasionally also see this type of behavior. Its just how the PAN see's the files and it creates a false positive. The best thing to do is create a support ticket so they can get more info and correct the signatures.

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!