False positive detected for Radioplayer app. Please white list.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

False positive detected for Radioplayer app. Please white list.

L1 Bithead

Hi

 

Our app, Radioplayer v6.6, has been tagged by Cortex XDR as malware.


Please whitelist it.

 

We're a reputable non-profit company: https://www.radioplayer.org

 

image0000001 (1).jpgimage0000001.jpg

6 REPLIES 6

L4 Transporter

Hello,

Please provide the requested information in the format that is outlined in the pinned thread at the top of this forum.
https://live.paloaltonetworks.com/t5/virustotal/virustotal-verdict-change-request-for-false-positive...

L3 Networker

I had a similar instance with the Spectrum App. 

I would recommend to go to the Cortex XDR tenant and find this specific incident. Locate the wildfire information and identify the action/behavior that triggered that verdict.

 

In the case of the Spectrum mobile app, I downloaded the Wildfire report from Cortex XDR and found out that this app was trying to contact a fishy URL. The URL had no information and was potentially malicious (virustotal was inconclusive I think, can't remember), it could have been just a brand new domain which could also trigger URL filtering to flag as malicious.

 

Gustavo_Aristi_0-1677619478760.png

 

Example of another similar incident:

Gustavo_Aristi_1-1677619590904.png

 

Cyberforce Commander.
Don't forget to hit that Like button if a post is helpful to you!

Info given in screenshots posted above.

 

App hash: f80297408af811666d54e5305accd9b27cbf0713097014a94f91c3ac7d6d16a1

Signature hash: f2782f7234b6091b1693bbeedffacc45

Link to Virustotal report for the file: unknown

Current VirustTotal Verdict: Malware

Description: see screenshots

image0000001 (1).jpgimage0000001.jpg

Thank you.

 

Unfortunately, I don't know what this means:

 

I would recommend to go to the Cortex XDR tenant

 

L3 Networker

Gotcha, no problem. Whomever installed Cortex XDR agent on your device perhaps your IT department, or your managed services provider, etc, would know.

 

That is the central point of intelligence for your Cortex XDR deployment. Your Cortex XDR agent is connected to it and sends information to this central location and this central location sends information back to your device as well as instructions.

 

Your Cortex XDR / IT / Security team could also report the verdict as incorrect as follows:

Gustavo_Aristi_0-1677620395211.png

 

I would first take a look at the previously mentioned Wildfire report to get a concrete idea of what triggered this verdict. This is potentially something that the developers of the the radioplayer app will find useful and will address it.

 

 

Cyberforce Commander.
Don't forget to hit that Like button if a post is helpful to you!

L4 Transporter

I've submitted this file for review. 

  • 1735 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!