04-22-2019 09:05 AM
Hi all,
Curious if anyone can point me toward amplifying info regarding Threat Vault signatures? From what I can tell, these generic signatures usually tend to generate false positives. It's hard to investigate why the alert is getting triggered when the Threat Vault only shows a hash without any context or information regarding why it's deemed malicious. Is the hash the only thing triggering these? I search for the hash on other my other security systems and I get no results, so I have no idea how to chase it down. This particular case is getting triggered by MSVCR80.DLL, which is pretty common on Windows systems. Any guidance is greatly appreciated.
04-22-2019 07:59 PM
Generally what you would do with a signature like this is take the MD5 hash value displayed by threatvault and run it through a search on VirusTotal. However, I'm not currently getting anything off of the displayed signature.
With this being a newer signature I would report the false positives you're seeing to support so they can pass it along internally and see if the signature isn't a bit too broad.
04-22-2019 07:59 PM
Generally what you would do with a signature like this is take the MD5 hash value displayed by threatvault and run it through a search on VirusTotal. However, I'm not currently getting anything off of the displayed signature.
With this being a newer signature I would report the false positives you're seeing to support so they can pass it along internally and see if the signature isn't a bit too broad.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
