FalsePositive on Silverlight.exe (Virus/Win32.slugin.ozi ID: 2044771)


L2 Linker

Hello Community!

 

I wonder if anyone else is getting a FalsePositive-Hit in AntiVirus-Protection on downloading Silverlight.exe?

 

When we use the following Link: http://go.microsoft.com/fwlink/?LinkID=623682

the page is blocked due to AntiVirus-Profile. In our ThreatLog we can see that the file Silverlight.exe is being blocked because it is identified as Virus/Win32.slugin.ozi ID: 2044771.

 

We are running a PA-3020 in an HA-Pair with the following SW-Version:

sw-version: 6.1.6

app-version: 546-3064
app-release-date: 2015/12/17  13:57:30
av-version: 1724-2202
av-release-date: 2015/12/20  04:00:02
threat-version: 546-3064
threat-release-date: 2015/12/17  13:57:30

wildfire-version: 83278-90094
wildfire-release-date: 2015/12/21  04:16:02

 

I downloaded the file and ran a scan on VirusTotal with the following result:

SHA256: bd7ec2cd5d5e31d39a183854c587681f49d1fc0de47ef79ab0ea6d509de64938
File name: Silverlight.exe
Detection ratio: 0 / 53
Analysis date: 2015-12-21 13:18:55 UTC (1 minute ago)

Probably harmless! There are strong indicators suggesting that this file is safe to use.

 

To me it seems to be a FalsePositive.

Is anyone seeing the same issue?

 

Thanks,

Alex.

6 REPLIES

L6 Presenter

We haven't...(20k+ users)

Thanks for your info, Brandon!

 

I did another test today (using this link: http://go.microsoft.com/fwlink/?LinkID=623682), since we're now on AV-Version 1726-2204, but again it is identified as Virus/Win32.slugin.ozi ID: 2044771

In our AV-Profile we set the action for http to block. Never had any issues before.

 

VirusTotal still states: Probably harmless! There are strong indicators suggesting that this file is safe to use.

 

Alex.

Hi Alex

 

Did you open a support case with TAC? They could investigate and remediate the issue

 

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L3 Networker

We have the same issue.

Our PA found it in traffic between our WSUS server and Windows 7 client.

Apparently our other PA did not detect it when the WSUS server downloaded it from the Internet, or at that moment it was running another AV definition version.

 

 

I just downloaded Silverlight via the link that was posted and WildFire saw it as clean.

 

silver.JPG

 

Here are the versions we are currently running:

 

version.JPG

 

Sounds like a TAC case is the best option?

Thanks for all of your replies!

 

I didn't open a case yet, because it looks like I'm not able to open one directly at PaloAlto. We have Premium Partner Support, so I think I would have to contact our Partner. Now, between Christmas and New Year, it's a little bit tricky here!

 

Anyway, I tested again today, since we're now on AV-Version 1731-2209 (12/27/15), and it looks like it is corrected now!

Maybe someone else contacted TAC 😉

 

Thanks to all!

 

Alex.
