FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771)


Hello Community!

 

I wonder if anyone else is getting a FalsePositive hit in AntiVirus-Protection on downloading Silverlight.exe?

 

When we use the following Link: http://go.microsoft.com/fwlink/?LinkID=623682

the page is blocked due to the AntiVirus-Profile. In our ThreatLog we can see that the file Silverlight.exe is being blocked because it is identified as Virus/Win32.slugin.ozi ID: 2044771.

 

We are running a PA-3020 in an HA-Pair with the following SW-Version:

sw-version: 6.1.6

app-version: 546-3064
app-release-date: 2015/12/17  13:57:30
av-version: 1724-2202
av-release-date: 2015/12/20  04:00:02
threat-version: 546-3064
threat-release-date: 2015/12/17  13:57:30

wildfire-version: 83278-90094
wildfire-release-date: 2015/12/21  04:16:02

 

I downloaded the file and ran a scan on VirusTotal with the following result:

SHA256: bd7ec2cd5d5e31d39a183854c587681f49d1fc0de47ef79ab0ea6d509de64938
File name: Silverlight.exe
Detection ratio: 0 / 53
Analysis date: 2015-12-21 13:18:55 UTC (1 minute ago)

Probably harmless! There are strong indicators suggesting that this file is safe to use.

 

To me it seems to be a FalsePositive.

Is anyone seeing the same issue?

 

Thanks,

Alex.

Cyber Elite

We haven't...(20k+ users)


Thanks for your info, Brandon!

 

I did another test today (using this link: http://go.microsoft.com/fwlink/?LinkID=623682), since we're now on AV-Version 1726-2204, but again it is identified as Virus/Win32.slugin.ozi ID: 2044771

In our AV-Profile we set the action for http to block. Never had any issues before.

 

VirusTotal still states: Probably harmless! There are strong indicators suggesting that this file is safe to use.

 

Alex.

L7 Applicator

Hi Alex

 

Did you open a support case with TAC? They could investigate and remediate the issue

 

regards

Tom

Tom Piens - PANgurus.com
New to PAN-OS or getting ready to take the PCNSE? check out amazon.com/dp/1789956374
L3 Networker

We have the same issue.

Our PA found it in traffic between our WSUS server and Windows 7 client.

Apparently our other PA did not detect it when the WSUS server downloaded it from the Internet, or at that moment it was running another AV definition version.

 

 

Cyber Elite

I just downloaded Silverlight via the link that was posted and WildFire saw it as clean.

 

silver.JPG

 

Here are the versions we are currently running:

 

version.JPG

 

Sounds like a TAC case is the best option?


Thanks for all of your replies!

 

I didn't open a case yet, because it looks like I'm not able to open one directly at PaloAlto. We have Premium Partner Support, so I think I would have to contact our Partner. Now, between Christmas and New Year, it's a little bit tricky here!

 

Anyway, I tested again today, since we're now on AV-Version 1731-2209 (12/27/15) and it looks like it is corrected now!

Maybe anyone else contacted TAC ;-)

 

Thanks to all!

 

Alex.
