I looked at the Threat Vault from PANW, and do not see any false positive messages.
What was the virus signature name and ID that you saw?
How did you confirm that this .dll did NOT have a true positive virus attached to it?
Did you only rely on your endpoint AV not flagging it or quarantining this file?
Please advise, so we can help you.
As I thought... how do you know that Symantec had the most current signatures available to it?
The signature you provided, I went to the Threat Database and found the hash for the signature
Unique Threat ID: 268424925
Create Time: 2019-05-01 20:42:43 (UTC)
When I go to VirusTotal, that specific hash cannot be found.
It has been documented that WildFire can find malware hours/days/weeks before the other AV vendors see it.
Now, I am not suggesting either way a false positive or not.
From my (albeit layman) perspective, your AV did not find a match for a known AV signature.
Are you able to confirm that your AV vendor has a signature for the hash above?
So, if your AV is looking for a signature that is not in its database, does that imply that a new zero day malware could not evade detection? If that is true... then can you provide validation that the file is not malware?
Absence of a response does not mean it is safe... it means there was no comparison... so still a gray area.
Just my thoughts. You can open a ticket with TAC... otherwise, we may be at an impasse. I simply do not know....
What do you suggest we do?