02-09-2024 10:46 AM
Hi All,
Recently our Palo Alto flagged Agcinvokerutility.exe (Virus/Win32.Wgeneric.Eedlvy(624280308)) as malicious. A quick search on the virus signature on VirusTotal confirmed it to be highly malicious.
However, Agcinvokerutility.exe is also a known Adobe utility which verifies if a valid version of Adobe software is being used.
Has anyone else experienced this in their environment lately? Is it a false positive signature which PA is working on fixing?
02-09-2024 11:51 AM - edited 02-09-2024 11:55 AM
If you believe it to be a false positive, you could create an exception for it and submit a TAC case for them to remove it. However, given the VirusTotal information on that, I would be extremely hesitant to exception that and would actually just recommend that you don't exception it. Just because it's run as part of a known vendor does not necessarily mean it's safe.
VirusTotal - File - b807502f1a0804543488c5b85a386452d6f9848bf611db01728f3d8c23a212c9