cortex xdr - submit false positive - shuttools 1.81

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

cortex xdr - submit false positive - shuttools 1.81

L1 Bithead

Palo Alto I am having a problem with your program mis classifing my tool suite Shut.Tools.1.81.docm as a false positive. Its a vba macro that has previously been cleared my Microsoft and utilises some popular MVP code via desktop liberation.  https://ramblings.mcpher.com/category/officevba/  I depend on this to undertake my tasks and is currently being flagged as a false positive by cortex xdr. Previously traps did not cause many if at all issues. As mentioned Microsoft have cleared a previous version of the macro. It is critical that you take a look at this program as it performs no malicous activity, its main role is to generate documents for our shutdown planning process at work. It also uploads source to github and a few other things however does not contain any malicous code.

 

I have been able to dig this out of the cortex xdr log 2020/08/15T17:42:24.260+08:00 D-13361 [3980:6344 #12:12] {trapsd:WildFire:GetVerdicts(count=145):} Uploading executable with hash '39649caafc2d41656fcf79e665a449efad0dbbc76f5a97c0491d721a76f268f1' for process path '\\?\UNC\PERFS01\CPMining\Manage Operations\Ops - Concentrator Team\4. Production General\5. Permit To Work\35.0 PTW Team Working Folders\Matt Jackson\Projects\ShutTools\Proto\Shut.Tools.1.81.docm' to URL:

 

FYI

 

---------- Thank you for your recent inquiry about Shut Tools 1.74 (submission reference: 21f5ed08-48d7-4d0b-8e93-2a7666901857) in connection with the operation of Windows Defender. The new security intelligence update version 1.315.578.0 contains changes necessary to resolve your question relating to Shut Tools. New security intelligence update is now available for users who subscribe to the automatic security intelligence update mechanism, as well as users who choose to manually update their security intelligence update library. We encourage you to try this new security intelligence update and confirm your inquiry has been resolved.  If your machine has not been updated with this version of security intelligence update you can download and install the update manually following these steps:

 

At this stage I am unable to provide code signing for this and I do not have access to our organisation wirefire infrastructure so I am unable to report using the support portal interface.  Please perform analysis at your end and reclassify as not malicious.

 

Your assistance is appreciated as I depend on this code to undertake my tasks

 

Cheers

2 REPLIES 2

L1 Bithead

I had previously listed the thread under the cortex xdr forum.  Here I was able to upload the file in question for review.  Please find the hash via this link https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-submit-false-positive-shuttoo...

 

If you require any additional information dont hesitate to ask.

 

Cheers

 

Matt

This forum is for non customers to report false positives observed in VirusTotal.

Please open a Support case.

  • 2830 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!