- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-14-2018 07:12 AM
We are seeing False positive on our binaries , request assitance to Whitelist this... if possible also point me to place for proactive whitelisting to avoid detection in future on other binaries as all our binaries are signed
File Hash: 07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b
Link to Virustotal report for the file: https://www.virustotal.com/#/file/07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b/d...
Current VirustTotal Verdict: generic.ml
Description: In house file used by support reps. digitally signed binaries.
File Hash: c1e0ca19ca664ffb65db7957fabc5ad2
Link to Virustotal report for the file: https://www.virustotal.com/#/file/07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b/d...
Current VirustTotal Verdict: generic.ml
Description: In house file used by support reps. digitally signed binaries.
02-15-2018 08:15 AM
Both samples were update to "benign" as of 9:43 CST this morning. Please allow some time for this change to be reflected on virustotal.com.
02-14-2018 07:29 AM
Both files have been queued for review. Please allow us 24 to 48 hours to process these samples.
02-14-2018 07:35 AM
that was super quick response to the post... appreciate it.. will await a response.
btw- if there are options for whitelisting proactively do share the same , appreciate the help
02-14-2018 02:58 PM
We can whitelist a signer. Are these samples digitally signed?
02-14-2018 11:33 PM
Yes all our binaries are digitally signed by SHA256 and sha1 signatures.. EV authenticode
02-15-2018 08:15 AM
Both samples were update to "benign" as of 9:43 CST this morning. Please allow some time for this change to be reflected on virustotal.com.
02-26-2018 08:17 AM
What is the process to proceed for whitelist based on signature?.. would love to take this up to avoid chasing detection for suppression etc.....
02-27-2018 03:23 PM
The next time you submit an FP, please ask the signer to be whitelisted.
02-28-2018 01:33 AM
Wondering if we should wait for a False positive to occur and then raise this request. Would it not be easier for all if we proceed with the CA whitelisting now than later so its more proactive rather reactive. if the team requires more file samples or such happy to supply those
03-01-2018 03:35 PM
Ok, I opened an internal request for you, will let you know once our threat researchers review the sample's signer.
03-02-2018 10:56 AM
The signer's related samples have been reviewed, and there is now a formal WildFire Cloud request to have 'Sutherland Global Services, Inc.' added to our whitelist.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!