We are getting several false positives for the following:
Hashes: MD5 -
Solved! Go to Solution.
I'm getting a similar false positive for Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.adwxyf. Occurs when attempting to copy Symantec Antivirus from a share.
Turns out there was a GPO to not permit logins to multiple sessions. This GPO called on a directory and copied some files locally. It wasn't until we started looking at the AV in addition to Palo we saw there was a "login.exe" being detected and flagged. After moving the user's OU and deleting the local copy, the GPO no logger applied and the alerts ceased.
Luckily there was a "misc:" field in the Palo alert which eventually tipped us off.
Best of luck!
In the future open a case with Palo Alto networks through your portal. THis is not the place to discuss your private network.
As a Palo Alto customer you have Support included and we could find and fix this much faster without exposing your files to the internet.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!