08-09-2013 07:51 AM
Hi,
Recently, on some of our clients we have been seeing the same threat / virus appear. The name is VBS/Virus.invadesys. and the ID is 253879.
Some interesting things to note...
Small sample of some URLs...
Upon further investigation, it seems that these files come pre-packaged with IE7, as seen with one of the above URLs.
So my question is, has anyone else seen an abundance of these alerts in the recent days?
08-09-2013 08:21 AM
Hi achitwadgi,
Thanks for the information. Any idea when this update will be available for download? I just checked on the PA devices, and it is not showing yet.
Also, where did you obtain this information? I cannot find it anywhere.
08-09-2013 09:04 AM
Hi, current AV version available is 1075. 1076 should go out later today.
08-09-2013 01:38 PM
AV 1076 is still triggering alerts on this threat id 253879 for URLs such as support.microsoft.com/kb/2123563.
This issue has been reopened with PAN threat team and is being further investigated.
08-09-2013 03:24 PM
A problem was discovered with the signature and this is being addressed with the combination of AV update today and the app+threat content update that is targeted for release on Tuesday Aug 13.
08-11-2013 11:45 AM
Thanks for the updates on this issue! 
08-14-2013 06:24 AM
I have just received a report from a customer running 1078, that he has this false positive as well. Guess we are not quit there yet.
08-14-2013 07:29 AM
Please ensure that in addition to the latest AV package, you are also running apps+threat version 388 or newer.
08-14-2013 11:28 AM
I am running Apps and Threats version 388 antivirus version 1078 and am still reviving these alerts. Interestingly the threat ID and name are not present in the threat vault.
08-14-2013 11:48 AM
Maybe the signature needs additional tuning. If you suspect this to be a false positive alert, can you please open a support case with the threat log screenshot & sample/url/threat pcap and 'show system info' output?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
