Frequent "generic.ml" False-Positives


L1 Bithead

Hi, 

 

We are a consumer software publisher, and since March of this year we've been forced to continuously struggle with the mentioned frequent false-positives from your engine's side on a weekly (if not to say daily) basis.

 

We're releasing new files (installers of our apps, which are many) on a daily basis, and the vicious circle here looks something like the following:

 - we're detecting a ‘pack’ of the false-positives from your end - tens of our files get falsely flagged by your engine each time

 - we're uploading all the flagged files to our VirusTotal Monitor Collection

 - you usually stop flagging the files within a day or two after that, sometimes a bit longer, but in the meantime we're detecting another ‘pack’ of your false-positives again, then everything repeats

 

We really have lots of files, and their number is growing, so we're just not able to detect every false-positive immediately. Also, the limited storage space provided by the VT Monitor Service doesn't allow us to retain all our files, so we have to cull what to upload there manually and then upload manually - this can't be done immediately either. As soon as we've uploaded all necessary files to the VT Monitor Collection, you're resolving the flags fairly fast, yet anyway - not immediately as well. All of this in sum means that a lot of our customers have more than enough time to actually see the false flags. Needless to say, it isn't good for our reputation, at least.

 

Our question is: how can we stop this from being the case? What we can actually do now is to post-deal with the problem only, but are there any preventive actions we are able to take? Can you do something from your side to finally stop falsely flagging our files?

 

Regards,

2 REPLIES

L1 Bithead

Hi, PaloAlto, 

 

We can see our topic was escalated... Thanks, but we haven't heard anything back from you for a week. Do you perhaps need us to provide you with something more in order to get this resolved a little bit more promptly?

 

Regards,

L1 Bithead

Dear PaloAlto, 

 

We've discovered new false-positives against our files: 111 in total, and 100 out of these - from your "Palo Alto Networks (Known Signatures)" engine (Paloalto - version: 1.0 - update: 20191226). Kindly refer to the following screenshot:

 

Screenshot 2019-12-27 06.47.02 PAn (KS).png

 (https://www.virustotal.com/en/file/f4e79cf49c4123a3f8e621d308776abef303660f990e471151b60783c5e9bbed/...) 

 

Please do something about that; this has become quite a considerable problem for us, and it has lasted too long and is too invasive...

 

Regards,
