04-03-2018 04:20 PM
Can you please address this false positive
04-05-2018 03:12 PM
Can you explain what "Grayware" is? Why not greenware or some other color. We operate above board with over 1m subscribers. Why would you not list this app in your whitelist?
04-05-2018 04:09 PM
The WildFire grayware verdict classifies files that behave similarly to malware, but are not malicious in nature or intent. A grayware verdict might be assigned to files that do not pose a direct security threat, but display otherwise obtrusive behavior (for example, installing unwanted software, changing various system settings, or reducing system performance). Examples of grayware software can typically include adware, spyware, and Browser Helper Objects (BHOs). The grayware verdict allows you to quickly distinguish malicious files on the network from grayware, and to prioritize accordingly.
Antivirus signatures are not generated for grayware and security policies cannot be enforced based on the grayware verdict. However, logs and reports can continue to alert to endpoints downloading grayware, enabling you to take any necessary action.
04-05-2018 04:16 PM
Thank you for claryfying - but this does not answer my initial question. Please see below:
- This app does is not marketed to anyone who did not specifically request to download and install it.
- This app is not obtrusive, distruptive, does not change any system settings without users explicit permission, does not in any way reduce system performance - in fact it does the opposite.
- This app does not include any adware or spyware or BHOs - in fact its designed to remove or block these types of files/behaviours
- This app has gone through extensive 3rd party validation and is currently certified by AppEsteem (https://customer.appesteem.com/vendors/REALD/171117-PEF-REALD-00039)
Per above - how does this app qualify as a grayware?
04-06-2018 10:56 AM
Our Malware Reverse Engineers manually reviewed the software and from their analysis the software exhibits characteristics that malware also performs. Some of these things could be self signed certs or software that isn't signed at all. Proxy changes are also listed as potentaly harmful and this program was seen to perform that.
As I am not the one who analyzes the software itself, I can't speak to why they determined it to be Greyware. If you look at it in Virus Total it says that it's Clean and not Malware. This was the goal, correct?
04-06-2018 11:21 AM
Our software is not self signed and we use DigiCert and other reputable 3rd party certs. We do not use Proxies.
Can you tell me where you are detecting this info.
We do not want our software categories incorrectly and greyware classification is certainly not accetable.
We just want to know the facts. If you say we are using proxies or 1st party certs or display behaviour consistent with malware - please show us where you are seeing this or provide any evidence to prove this. Nothing that you have mentioned is consistent with how our software works.
Please advise further
04-11-2018 12:16 PM
Any updates on this?
04-11-2018 12:19 PM
The verdict for this file has been set, there will not be any changes. As far as Palo Alto is conserned this file is Greyware.
04-11-2018 03:12 PM
Can you please provide contact info for your legal department?
04-12-2018 09:39 AM
I'm part of the product management team here at Palo Alto Networks focusing on WildFire.
We'd like to help out.
A couple questions:
1. Is your primary concern the representation of this file on VT?
2. Pending on your response, what is your concern with the verdict of grayware? Customer's rarely block or restrict file access based on grayware and VT should no longer reflect a hit after the sample is reanalyzed.
04-12-2018 01:27 PM
Hello and thank you for your help.
Our biggest concern is that our app does not fit into your Grayware criteria.
I have clearly explained what our app does and asked your team to specifically point out how our application is classified under your Grayware definition and your staff has yet to reply with specific examples. Your definition is broad and does not explicitly or directly addresses our application. Your definition of Grayware includes business and technology practices that are a) not applicable to us b) completely the opposite of what our app does c) missleading and counter intuitive.
Please advise as to next steps.
04-17-2018 06:57 PM
Looks like you guys are flagging us again.
Can you please remove the blocking and whitelist us.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!