Wininetplugin.dll showing as Virus in PAN OS 8.1.9 h4


L1 Bithead

Hi Guys

 

I was running a Windows 7 to 10 update setup and in between I got some error.

After investigating, I found that (Wininetplugin.dll) is showing as a virus, and that was the reason for the error.

 

Could you guys please explain a bit more about this.

 

Thanks & Appreciate

4 REPLIES 4

Cyber Elite

Good Day

 

I looked at the Threat Vault from PANW, and do not see any false positive messages.

 

What was the virus signature name and ID that you saw?

 

How did you confirm that this .dll did NOT have a true positive virus attached to it?

Did you only rely on your endpoint AV not flagging it or quarantining this file?

 

Please advise, so we can help you.

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Greetings & Good Day To You Too ...

 

This is the ID & Virus Description 

Threat ID       :  268424925
Threat Name :  Virus/Win32.WGeneric.aavcql

 

We tried in our corporate AV which is Symantec and it showed file as clean.

Would appreciate inputs from you.

Howdy again.

 

As I thought... how do you know that Symantec had the most current signatures available to it?

With the signature you provided, I went to the Threat Database and found the hash for the signature:

 

44e0fa6a16669f1ed7ae4ea7bb0ac2100f67faf1ab6d38a11d47b70eba205766

Name: Virus/Win32.WGeneric.aavcql

Unique Threat ID: 268424925

Create Time: 2019-05-01 20:42:43 (UTC)

 

When I go to VirusTotal, that specific hash cannot be found.

It has been documented that WildFire can find malware hours/days/weeks before the other AV vendors see it.

Now, I am not suggesting either way a false positive or not.

 

From my (albeit layman) perspective, your AV did not find a match to a known AV signature.

Are you able to confirm that your AV vendor has a signature for the hash above?

 

So, if your AV is looking for a signature that is not in its database, does that imply that a new zero day malware could not evade detection?  If that is true... then can you provide validation that the file is not malware?

Absence of a response does not mean it is safe... it means there was no comparison... so still a gray area.

 

Just my thoughts.  You can open a ticket with TAC... otherwise, we may be at an impasse.  I simply do not know....

What do you suggest we do?

 

 


Hello ...

 

I forwarded your email to my colleague who did the hash lookup and he also found nothing threat related.

He also said it's an OS update Win 10 file from Microsoft.

For the time being I allowed it, but I am not sure whether I should keep it excluded.

😕 ?
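
Added example (not part of any post in the thread): a PowerShell check that hashes a local copy of the flagged DLL, compares it with the SHA-256 quoted above for Threat ID 268424925, and reads the file's Authenticode signature. The `-Path` parameter, the script layout and the assessment wording are assumptions made for illustration.

```powershell
# Added example: triage a local file against the hash published for an AV signature.
param(
    # Assumption: path to your local copy of the flagged DLL (the thread gives no path).
    [Parameter(Mandatory)] [string] $Path,
    # SHA-256 quoted in the thread for Threat ID 268424925.
    [string] $FlaggedSha256 = '44e0fa6a16669f1ed7ae4ea7bb0ac2100f67faf1ab6d38a11d47b70eba205766'
)

$file   = Get-Item -LiteralPath $Path -ErrorAction Stop
$sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLowerInvariant()
$sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName

# Is this byte-for-byte the sample the threat database entry refers to?
$hashMatches = $sha256 -eq $FlaggedSha256.Trim().ToLowerInvariant()

# Signer subject is empty for unsigned files.
$signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
$signedByMs = ($sig.Status -eq 'Valid') -and
              ($signer -match '(^|,\s*)O=Microsoft Corporation(,|$)')

# A hash match identifies the sample; it does not by itself say benign or malicious.
$assessment = if ($hashMatches) {
    'Same bytes as the published sample: request vendor re-analysis before excluding.'
} elseif ($signedByMs) {
    'Not the published sample, valid Microsoft signature: include this in the vendor ticket.'
} elseif ($sig.Status -eq 'HashMismatch') {
    'Signed, but modified after signing: treat as suspicious.'
} else {
    'Inconclusive: not the published sample and no valid Microsoft signature.'
}

[pscustomobject]@{
    File           = $file.FullName
    Sha256         = $sha256
    MatchesFlagged = $hashMatches
    SignatureState = $sig.Status
    Signer         = $signer
    Assessment     = $assessment
}
```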
