False positive removal request (generic.ml)


L1 Bithead

Two versions of a DLL file used in our company's privacy/anti-tracking app are falsely marked as generic.ml by the Palo Alto engine (results based on the VirusTotal scan report).

 

File version#1

File Hash: 6c7af7cf2a87f6a12be2b254cfc8349c

Link to Virustotal report for the file: https://www.virustotal.com/#/file/42db01439e1ab94638bb1c96b9e27a52c9a8a75e622e8f8df85241e895507cc7/d...

Current VirusTotal Verdict: generic.ml

 

File version#2

File Hash: 5deecfe1beec58021a92e4838fc58e70

Link to VirusTotal: https://www.virustotal.com/#/file/8ee884ec7bf9d728a15b3b5edcbf6de3197b822a842e8013725ecd2d8fee07c1/d...

Current VirusTotal Verdict: generic.ml

 

These files are used by our app to provide anti-tracking and advertisement blocking services to our customers. Is there a possibility to whitelist these files by signature, so that we don't run into the same FP in the future? Thank you!

 

 

4 REPLIES

L1 Bithead

Still waiting for some feedback on our product case.

L5 Sessionator

Files with hash 42db01439e1ab94638bb1c96b9e27a52c9a8a75e622e8f8df85241e895507cc7 and 8ee884ec7bf9d728a15b3b5edcbf6de3197b822a842e8013725ecd2d8fee07c1 have been submitted for review by our analysts and verdict flip to benign.

Hi, thank you for the update, but on VT we still see the same result (detection with generic.ml). Do we have to wait for the update?

Also, is there a possibility to whitelist this file by our signature, so that it doesn't get marked in the upcoming versions of the product?

You had to wait for the update; it's showing clean now. If I understood the update correctly from our analysts, the signer has been added to the trusted signer list, but I don't have a way to verify that at this time. If you observe a new FP, please make sure to request the signer be added to the trusted list to prevent FPs from reoccurring.
