Who Me Too'd this topic

Who Me Too'd this topic

L2 Linker

Virus/Win32.WGeneric.aktpum - OneDriveSetup.exe detected via an Antivirus

Are seeing the following in Cortex XDR 
'Threat ID #348815361' generated by PAN NGFW detected on host 10.x.x.x involving user ZZZZ\first.last


Threat ID: 2418537

Current Release: 3394 (2020-06-28 UTC)

First Release: 3394 (2020-06-28 UTC)

SHA256:    1d279269b17d9282b061be59ba23a0fadecae6e44e12ea4054d4637ae736d748


Unfortunately it seems that its not at all uncommon for OneDriveSetup.exe to be flagged by PAN AntiVirus Threats as a generic W32 Virus.  Seen this happen in June, also back in April.  Is there a known reason why PAN A/V Threats continue to "misfire" on this?


@hisingh is this anything you have already heard or been aware of?  I see you were involved in a prior discussion of this False Positive, back in April

History of this in the instance of Cortex XDR that I currently have access to from my customer.  I do not have access to their Panorama or their NGFW configs, thus can not obtain capture at this time.

Screen Shot 2020-06-29 at 11.23.17.png


Who Me Too'd this topic