About mivaldi

eb3e6f1c5575c2e806b215b701420eff9aeb233de03505d68404f7ea292e39c8 has been found to be Benign. The associated Antivirus signatures will be removed with tomorrow's release of the Antivirus database. ... View more

Submitted the sample for verdict reconsideration. ... View more

Thank you. I found there was a request already submitted by a Palo Alto Networks customer on this sample. The sample will be analyzed for verdict reconsideration shortly. ... View more

The list ships with the Antivirus package. Make sure you deploy the Antivirus package to Panorama so that it has knowledge of the lists. ... View more

Please open a case with Support. ... View more

Wolfgang,    They weren't false positives. False positives are when WildFire gives a Benign file a Malicious verdict.  In this case, WildFire gave the files a Benign verdict, but they were triggering Antivirus signatures. We call these Signature Collisions. These happen when the digital patterns that the firewall looks at to identify a file, concide between a Benign sample and an Antivirus signature that has been generated from a Malicious sample that is similar in structure to the Benign file.    You can read more about these at: https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/What-is-a-signature-collision/ta-p/79086 ... View more

The URL's in the file names looks like a product defect. If I remember correctly, it is caused by limitations with the SMB decoder, which by the way has been significantly improved in PAN-OS 8.1. I would focus my attention on resolving the collision though. Have you been able to spot the msiexec.exe file causing the signature to trigger?  ... View more

It has already been changed to Benign. To see VirusTotal updated select the option to Reanalyze. The associated virus signatures will be removed with tomorrow's Antivirus package. ... View more

If the firewall detects a TCP packet with data and your Zone Protection profile is set to drop these, then I wouldn't think it is a false positive. It triggers the protection because the firewall sees these.   More information available at: https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/networking-features/zone-protection-for-syn-data-payloads   There is currently no way to inhibit these protections from writing to the Threat Logs, however, if you receive the alerts through a Log Forwarding profile, you can edit the profile so that these are not forwarded out using a Filter in PAN-OS 8.0:   (severity eq informational) and (threatid neq 8723)   Selective Log Forwarding https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/management-features/selective-log-forwarding-based-on-log-attributes   Video Tutorial https://live.paloaltonetworks.com/t5/Tutorials/Tutorial-Filtered-Log-Forwarding/ta-p/145950 ... View more

Confirmed benign. Signature will be disabled tomorrow. ... View more

Wolfgang,   Please upgrade to the latest Antivirus package and do let me know if you still see the signature triggering. I tried to resolved this issue, but the msiexec.exe sample I had to work with was not triggering the signature collision any longer. If yours continues to trigger after updating Antivirus, please locate the msiexec.exe file that triggers the signature, and share its sha256 hash with me. ... View more

The lists ship with a Dynamic Updates package. I'm researching to find out exactly which one. ... View more

Submitted d2cd97584bc335aae4f19821837be587da6f5ad034945c24ce698d34c8034fbf for analysis. ... View more