This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About MartinPfeil
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About MartinPfeil
08-16-2023
11Posts
4Likes
1Solution
Aug 16, 2023Last Visited
User
Activity
User
Profile
Latest posts by MartinPfeil
| Subject | Views | Posted |
|---|---|---|
| 3473 | 03-28-2023 12:35 AM | |
| 2254 | 08-29-2022 01:14 AM | |
| 1254 | 08-24-2022 01:07 AM | |
| 2059 | 08-09-2022 12:28 AM | |
| 5592 | 05-31-2022 06:53 AM | |
| 1643 | 05-31-2022 02:20 AM | |
| 2036 | 05-30-2022 12:45 AM | |
| 3177 | 04-04-2022 07:36 AM | |
| 2284 | 03-16-2022 03:40 AM | |
| 2610 | 03-08-2022 01:52 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 05-31-2022 06:53 AM | |
| 1 Like | 04-04-2022 07:36 AM | |
| 1 Like | 03-08-2022 01:52 AM | |
| 1 Like | 03-08-2022 01:48 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes | |||
| 5 Likes |
User Badges
Community Statistics
| Member Since | 12-22-2021 01:09 AM |
| Date Last Visited | 08-16-2023 04:56 AM |
| Posts | 11 |
| Total Likes Received | 4 |
03-28-2023
12:35 AM
Same problem, based on the replies here I regard it as a false positive
... View more
08-29-2022
01:14 AM
Hello,
over the last couple of days we have seen a lot of behavioural alerts with s vulnerable_driver_dropped_WinRing0.sys preventing HP and Lenovo signed drivers being updated. Obviously these are false positives, as WF and VT confirms-
Before I open a ticket, does anybody see similar behaviour?
Kind Regards
... View more
08-24-2022
01:07 AM
Is there any possibility to either fine-tune or completely disable this and similar signatures? This signature and " sync.vulnerable_driver_loaded_WinRing0.sys" prevented a update of different HP signed drivers on several systems.
... View more
08-09-2022
12:28 AM
I noticed the same issue, the Virustotal link is gone from the "Key Assets and Artifacts" view. It is still available in the QuickLauncher menu which is another extra step to investigate a suspicious file.
... View more
05-31-2022
06:53 AM
1 Kudo
I haven't seen anything from Palo Alto yet. We are using the following XQL query to detect attacks, obviously it is a little bit rough and any improvement is welcome dataset = xdr_data | filter action_process_image_name contains "msdt.exe" | filter action_process_image_command_line contains "PCWDiagnostic" and action_process_image_command_line contains "IT_RebrowseForFile" | fields _time, agent_hostname as host, actor_effective_username as user, actor_process_image_path as parent_process, action_process_image_path as executed , action_process_image_command_line as command_line
... View more
05-31-2022
02:20 AM
Hello Eluis, this is a standard procedure when we identify false positive alerts: report an incorrect verdict back to Palo Alto. Unfortunatly we still have to deal with the results of the initial false positive detection, e.g. messed up and incomplete software installations and updates because WF blocked access to certain files on several systems. This happens especially with software development tools and foreign language software, especially Chinese.
... View more
05-30-2022
12:45 AM
We have similar problems with white-listed binaries and received the following explanation: The white listing only adds the hash to a list of static IOC, if the binary acts in a suspicious way (either live or in WildFire) it will be blocked. One solution is to always run the latest version and report false positives, the other one is creating a malware profile which excludes certain files and folders from being scanned.
... View more
04-04-2022
07:36 AM
1 Kudo
If the file is always in the same location you can create a malware profile and exclude this location from scanning. That is the easiest solution, as chaning hashes will invalidate the entires in the allow list
... View more
03-16-2022
03:40 AM
Unfortunatly Wildfire produces a lot of false positives, we have to unblock and whitelist Cygwin binaries in regular intervals. Of course, I report the incorrect verdict to PA and it is reversed in a short time. But that doesn't help with binaries blocked initally using an incorrect verdict. Apart from adding known hashes to the whitelist, the only workable solution I found out is to exclude known folders from being scanned. Of course, this is not very secure and has it's own issue but it allows our developers to continue with their business
... View more
03-08-2022
01:52 AM
1 Kudo
It is benign software, initally identified as malware. Same thing happend in the last two days for other software updates, like for Epson and HP: Initially identified as malicious but then the verdict was reversed a few hours later. Files had to be released manually and hashes had to be added by hand to the whitelist
... View more
03-08-2022
01:48 AM
1 Kudo
It is benign software, initally identified as malware. Same thing happend in the last two days for other software updates, like for Epson and HP: Initially identified as malicious but then the verdict was reversed a few hours later. Files had to be released manually and hashes had to be added by hand to the whitelist
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-16-2023
04:56 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks