False positive on VirusTotal

L2 Linker

False positive on VirusTotal

L5 Sessionator

I will see what I can do to get this verdict changed

L5 Sessionator

This has been submitted for manual evaluation. I've confirmed that VirusTotal has this rated at 6/66.

L5 Sessionator

You requested that the verdict be changed to benign, but it was instead changed to grayware. According to our internal analysis team, this is a grayware app.

L2 Linker

Can you explain what "grayware" is? Why not greenware or some other color? We operate above board with over 1m subscribers. Why would you not list this app in your whitelist?

L5 Sessionator

https://www.paloaltonetworks.com/documentation/translated/70/newfeaturesguide/wildfire-features/wild...

The WildFire grayware verdict classifies files that behave similarly to malware, but are not malicious in nature or intent. A grayware verdict might be assigned to files that do not pose a direct security threat, but display otherwise obtrusive behavior (for example, installing unwanted software, changing various system settings, or reducing system performance). Examples of grayware software can typically include adware, spyware, and Browser Helper Objects (BHOs). The grayware verdict allows you to quickly distinguish malicious files on the network from grayware, and to prioritize accordingly.

Antivirus signatures are not generated for grayware and security policies cannot be enforced based on the grayware verdict. However, logs and reports can continue to alert to endpoints downloading grayware, enabling you to take any necessary action.

L2 Linker

Thank you for clarifying - but this does not answer my initial question. Please see below:

- This app is not marketed to anyone who did not specifically request to download and install it.

- This app is not obtrusive or disruptive, does not change any system settings without the user's explicit permission, and does not in any way reduce system performance - in fact it does the opposite.

- This app does not include any adware, spyware or BHOs - in fact it is designed to remove or block these types of files/behaviours.

- This app has gone through extensive 3rd party validation and is currently certified by AppEsteem (https://customer.appesteem.com/vendors/REALD/171117-PEF-REALD-00039)

Per the above - how does this app qualify as grayware?

Thank you

L5 Sessionator

Our Malware Reverse Engineers manually reviewed the software, and from their analysis the software exhibits characteristics that malware also exhibits. Some of these things could be self-signed certs or software that isn't signed at all. Proxy changes are also listed as potentially harmful, and this program was seen to perform that.

As I am not the one who analyzes the software itself, I can't speak to why they determined it to be grayware. If you look at it in VirusTotal it says that it's Clean and not Malware. This was the goal, correct?
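The two characteristics cited in the reply above (a missing or self-signed code signature, and proxy reconfiguration) are things a vendor can check on their own build before disputing a verdict. The script below is an added example, not code from this thread, from Palo Alto Networks or from the vendor: it parses the PE header with the standard library only to see whether an Authenticode certificate table is present, and scans the image for strings commonly associated with changing the Windows proxy configuration. The indicator list and the sample PE image are constructed for the demo; a string hit is a reason for manual review, not proof of anything.

```python
"""Added example: static triage of a PE image for the two characteristics the
reviewers cited: (1) whether the file carries an Authenticode signature at all,
and (2) whether it contains strings associated with changing the Windows proxy
configuration. Standard library only; the sample image is constructed inline."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Attribute Certificate Table

# Indicator strings (assumption: a hit is a reason for manual review, not proof
# of proxy tampering). The first three are WinINet registry value names under
# "Internet Settings"; the last is a WinHTTP API name.
PROXY_INDICATORS = [
    b"ProxyEnable",
    b"ProxyServer",
    b"AutoConfigURL",
    b"WinHttpSetDefaultProxyConfiguration",
]


def security_directory(pe: bytes):
    """Return (file_offset, size) of the certificate table, or (0, 0) if absent.

    Unlike the other data directories, this entry holds a raw file offset rather
    than an RVA, so no section mapping is needed."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:      # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", pe, ndirs_off)[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    return struct.unpack_from("<II", pe, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)


def is_signed(pe: bytes) -> bool:
    """True if a non-empty certificate table lies within the file bounds."""
    off, size = security_directory(pe)
    return off != 0 and size != 0 and off + size <= len(pe)


def proxy_indicators(pe: bytes) -> list:
    """Indicator strings present as ASCII or UTF-16LE (how Windows binaries
    typically embed registry value names and import names)."""
    return [s.decode() for s in PROXY_INDICATORS
            if s in pe or s.decode().encode("utf-16le") in pe]


def triage(pe: bytes) -> dict:
    return {"signed": is_signed(pe), "proxy_indicators": proxy_indicators(pe)}


def build_sample_pe(signed: bool, extra: bytes = b"") -> bytes:
    """Constructed, non-executable PE32+ image: headers only, optional trailing
    bytes, and (if signed) a placeholder WIN_CERTIFICATE blob referenced from
    the security directory. A real signature is a PKCS#7 SignedData structure;
    a placeholder is enough to exercise the header parsing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                                       # PE32+ with 16 dirs
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)                       # NumberOfRvaAndSizes
    body = extra
    if signed:
        cert_off = len(dos) + 4 + len(coff) + len(opt) + len(body)
        fake_pkcs7 = b"\x30\x82\x00\x10" + b"\0" * 16          # placeholder DER blob
        wincert = struct.pack("<IHH", 8 + len(fake_pkcs7), 0x0200, 0x0002) + fake_pkcs7
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         cert_off, len(wincert))
        body += wincert
    return dos + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    for name, sample in [
        ("signed, no proxy strings", build_sample_pe(True)),
        ("unsigned, references ProxyEnable", build_sample_pe(False, b"ProxyEnable\0")),
    ]:
        print(name, triage(sample))
```

Presence of a certificate table says nothing about whether the chain is trusted; to confirm that a signature chains to a CA such as DigiCert rather than a self-signed certificate, run `signtool verify /pa /v file.exe` or PowerShell `Get-AuthenticodeSignature file.exe` on the release build, and keep that output as the evidence to hand back in a dispute like this one.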


L2 Linker

Our software is not self-signed and we use DigiCert and other reputable 3rd party certs. We do not use proxies.

Can you tell me where you are detecting this info?

We do not want our software categorized incorrectly, and a grayware classification is certainly not acceptable.

We just want to know the facts. If you say we are using proxies or 1st party certs or display behaviour consistent with malware - please show us where you are seeing this or provide any evidence to prove this. Nothing that you have mentioned is consistent with how our software works.

Please advise further

L2 Linker

Any updates on this?
