10-03-2022 03:30 AM
Hello,
While performing a malware analysis on Cortex XDR, Wildfire has detected a file on the computer as possible malware. The file has also been analyzed in other intelligence tools and has not been detected as malicious, the only tool that detects it as malware is Palo Alto Networks. It is the file "SecureDriveService.dll", with description PE32+ executable (DLL) (GUI) x86-64, for MS Windows, with SHA256: e69a1b28a5b71549177f09a9ef7a336831400479ce6f3c6856bc8a818170745d.
Please , could you give us some feedback and indicate if it can be treated as false positive?
BR
10-03-2022 10:32 AM
Can you share the Wildfire report, or what characteristics that this hash is deplaying? Recall that WF finds zero day sometimes day/hours/weeks before other vendors. So the lack of info from the other vendors does not necessarily meeting that it is safe; only that they do not yet know what that hash is. You may want to research a little more.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
