False Positive: Virus/Win32.WGeneric.qqpeo(199010010)

L0 Member

False Positive: Virus/Win32.WGeneric.qqpeo(199010010)

Hello,


We are getting several false positives for the following:

Hashes (MD5):

- 522aaef14fd04b0cfbb92a5fb67f8daa
- c5d262166b7f4e9972d7e3e25df36d5c
- 1910b1d2c94992fc21c6431a0eae1d78
- 1ea5f8f65c07140d6fe639cf792a210c
- ffabe0604710b1070d044aa137465cd1
- 48b696a3e96865a38cb4ee6c34163f19
- 8d6abf4c351ee1d30ba40ddd61a2d60f
- b636ebe64a2905f61d659a854c5d5cf4
- e4de7fb09f13c7d0cb4d31083a1b6706
- ef002bca6c0f92debfa2d896a727ceaa

https://www.virustotal.com/gui/file/866aef3c8c9b4a7ccf6d6cad22a8b05d0ffed8e18590ec3d3e5b734d771363e3...
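When a vendor flags a set of files as suspicious, the first defender-side step is to locate the actual copies on the endpoints so they can be submitted or examined rather than guessed at from the alert alone. The following is an added example, not code from the original post or from Palo Alto Networks: it hashes every regular file under a directory and reports the paths whose MD5 appears in a watch list seeded with the hashes the reporter listed above. The scan root, the file names and file contents in the demo are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

# MD5 values exactly as listed in the post above.
REPORTED_MD5 = {
    "522aaef14fd04b0cfbb92a5fb67f8daa",
    "c5d262166b7f4e9972d7e3e25df36d5c",
    "1910b1d2c94992fc21c6431a0eae1d78",
    "1ea5f8f65c07140d6fe639cf792a210c",
    "ffabe0604710b1070d044aa137465cd1",
    "48b696a3e96865a38cb4ee6c34163f19",
    "8d6abf4c351ee1d30ba40ddd61a2d60f",
    "b636ebe64a2905f61d659a854c5d5cf4",
    "e4de7fb09f13c7d0cb4d31083a1b6706",
    "ef002bca6c0f92debfa2d896a727ceaa",
}


def md5_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through MD5 so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_matches(root: Path, wanted: set[str]) -> dict[str, list[str]]:
    """Walk `root` and return {md5: [paths]} for every file whose MD5 is in `wanted`.

    Symlinks are skipped so a link pointing outside the tree is not followed,
    and unreadable files are ignored rather than aborting the whole scan.
    MD5 is used here only because that is what the vendor alert reports;
    it identifies a specific known file, it does not prove a file is benign.
    """
    wanted = {h.lower() for h in wanted}
    hits: dict[str, list[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = md5_file(p)
            except OSError:
                continue
            if digest in wanted:
                hits.setdefault(digest, []).append(str(p))
    return hits


def demo() -> dict[str, list[str]]:
    """Constructed sample tree (hypothetical names and contents), returns hits by file name."""
    # MD5 of the bytes b"abc"; added to the watch list so the demo has a guaranteed hit.
    sample_md5 = "900150983cd24fb0d6963f7d28e17f72"
    watch = REPORTED_MD5 | {sample_md5}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "scripts").mkdir()
        (root / "scripts" / "login_copy.exe").write_bytes(b"abc")   # constructed: matches watch list
        (root / "readme.txt").write_bytes(b"hello")                  # constructed: no match
        hits = find_matches(root, watch)
        # Reduce to base names so the result does not depend on the temp path.
        return {digest: sorted(Path(p).name for p in paths) for digest, paths in hits.items()}


if __name__ == "__main__":
    for digest, names in demo().items():
        print(digest, names)
```

In practice the scan root would be the directory the alert or the AV quarantine points at (the local copy a logon script or GPO dropped, for instance), and a hit gives the exact binary to submit to the vendor for reclassification instead of a VirusTotal link to a file that may differ from the one on disk.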

L0 Member

Re: False Positive: Virus/Win32.WGeneric.qqpeo(199010010)

I'm getting a similar false positive for Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.adwxyf. Occurs when attempting to copy Symantec Antivirus from a share.

L0 Member

Re: False Positive: Virus/Win32.WGeneric.qqpeo(199010010)

UPDATE:


Turns out there was a GPO to not permit logins to multiple sessions. This GPO called on a directory and copied some files locally. It wasn't until we started looking at the AV in addition to Palo that we saw there was a "login.exe" being detected and flagged. After moving the user's OU and deleting the local copy, the GPO no longer applied and the alerts ceased.

Luckily there was a "misc:" field in the Palo alert which eventually tipped us off.


Best of luck!

L4 Transporter

Re: False Positive: Virus/Win32.WGeneric.qqpeo(199010010)

In the future open a case with Palo Alto Networks through your portal. This is not the place to discuss your private network.

As a Palo Alto customer you have Support included, and we could find and fix this much faster without exposing your files to the internet.
