I wonder if anyone else is getting a FalsePositive-Hit in AntiVirus-Protection on downloading Silverlight.exe?
When we use the following Link: http://go.microsoft.com/fwlink/?LinkID=623682
the page is blocked due to AntiVirus-Profile. In our ThreatLog we can see that the file Silverlight.exe is being blocked because it is identified as Virus/Win32.slugin.ozi ID: 2044771.
We are running a PA-3020 in an HA-Pair with the following SW-Version:
app-release-date: 2015/12/17 13:57:30
av-release-date: 2015/12/20 04:00:02
threat-release-date: 2015/12/17 13:57:30
wildfire-release-date: 2015/12/21 04:16:02
I downloaded the file and ran a scan on VirusTotal with the following result:
| Detection ratio: | 0 / 53 |
| Analysis date: | 2015-12-21 13:18:55 UTC (1 minute ago) |
To me it seems to be a FalsePositive.
Is anyone seeing the same issue?
Thanks for your info, Brandon!
I did another test today (using this link: http://go.microsoft.com/fwlink/?LinkID=623682), since we're now on AV-Version 1726-2204, but again it is identified as Virus/Win32.slugin.ozi ID: 2044771
In our AV-Profile we set the action for http to block. Never had any issues before.
VirusTotal still states: Probably harmless! There are strong indicators suggesting that this file is safe to use.
Did you open a support case with TAC? They could investigate and remediate the issue
We have the same issue.
Our PA found it in traffic between our WSUS server and Windows 7 client.
Apparently our other PA did not detect it when the WSUS server downloaded it from the Internet, or at that moment it was running another AV definition version.
I just downloaded Silverlight via the link that was posted and WildFire saw it as clean.
Here are the versions we are currently running:
Sounds like a TAC case is the best option?
Thanks for all of your replies!
I didn't open a case yet, because it looks like I'm not able to open one directly at PaloAlto. We have Premium Partner Support, so I think I would have to contact our Partner. Now, between Christmas and NewYear it's a little bit tricky here!
Anyway, I tested again today, since we're now on AV-Version 1731-2209 (12/27/15) and it looks like it is corrected now!
Maybe anyone else contacted TAC ;-)
Thanks to all!