- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-08-2026 12:18 AM
Hey
we are using Cortex XSIAM and have been getting alerts on miniwallet.bundle.js apparently during MS Edge updates.
From what I can see the Wildfire Verdict has changed yesterday. However, reading the report, I cannot explain why it is considered Malware. Googling also did not get me any further.
Most interestingly: On VirusTotal the corresponding has (miniwallet.bundle.js e1c8013b3c793dece95e5b9fc479325aff243052f1ca23e6de92ca473f3200d4) comes back clean.
I am a bit out of idea on what is going on here.
Does anyone have any ideas on how to see why a WildFire verdict has changed?
Or what else to do to triage this?
07-08-2026 03:54 AM
Hi @J.Huchtktter ,
I checked the wildfire portal for that hash and noticed the behavioral summary is older than the latest verdict status change.
When the Behavioral summary shows an older date (July 7) but the Verdict status says Updated on a newer date (July 8), it usually means the sandbox didn't actually re-run the file. Instead, Palo Alto Networks' threat intelligence backend updated a global detection rule or flag on July 8 that retroactively applied to the behaviors recorded during that original July 7 session.
Essentially, a backend heuristic rule change overnight made WildFire look back at that specific July 7 behavior and decide, "Wait, we now classify that pattern as malware."
Because this is a core Microsoft Edge file, it confirms that a newly deployed backend rule is being overly aggressive and has caused a global false positive.
Please submit an Incorrect Verdict / False Positive appeal through the WildFire portal. When the research team looks at the submission, they will see that the newly updated rule accidentally snagged a signed Microsoft component and they will manually roll back/fix the signature.
In the meantime, you can whitelist or create an exception for this specific hash in XSIAM to keep your users from running into browser issues.
Hope this helps,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!

