I was running a Windows 7 to 10 update setup and in between I got some error.
I found out that (Wininetplugin.dll) is showing as a virus, and that was the reason for the error.
Could you guys please explain a bit more about this.
Thanks & Appreciate
I looked at the Threat Vault from PANW, and do not see any false positive messages.
What was the virus signature name and ID that you saw?
How did you confirm that this .dll did NOT have a true positive virus attached to it?
Did you only rely on your endpoint AV not flagging or quarantining this file?
Please advise, so we can help you.
Greetings & Good Day To You Too ...
This is the ID & Virus Description
Threat ID : 268424925
Threat Name : Virus/Win32.WGeneric.aavcql
We tried it in our corporate AV, which is Symantec, and it showed the file as clean.
Would appreciate inputs from you.
As I thought... how do you know that Symantec had the most current signatures available to it?
The signature you provided, I went to the Threat Database and found the hash for the signature
Unique Threat ID: 268424925
Create Time: 2019-05-01 20:42:43 (UTC)
When I go to VirusTotal, that specific hash cannot be found.
It has been documented that WildFire can find malware hours/days/weeks before the other AV vendors see it.
Now, I am not suggesting either way a false positive or not.
From my (albeit layman) perspective, your AV did not find a match for a known AV signature.
Are you able to confirm that your AV vendor has a signature for the hash above?
So, if your AV is looking for a signature that is not in its database, does that imply that a new zero day malware could not evade detection? If that is true... then can you provide validation that the file is not malware?
Absence of a response does not mean it is safe... it means there was no comparison... so still a gray area.
Just my thoughts. You can open a ticket with TAC... otherwise, we may be at an impasse. I simply do not know....
What do you suggest we do?
I forwarded your email to my colleague who did the hash lookup and he also found nothing threat related.
He also said it's an OS update Win 10 file from Microsoft.
For the time being I allowed it, but I am not sure whether I should keep it excluded.