2 versions of Dll file used in our company's privacy/anti-tracking app are falsely marked as generic.ml by Palo Alto engine (results based on Virustotal scan report.)
File Hash: 6c7af7cf2a87f6a12be2b254cfc8349c
Link to Virustotal report for the file: https://www.virustotal.com/#/file/42db01439e1ab94638bb1c96b9e27a52c9a8a75e622e8f8df85241e895507cc7/d...
Current VirustTotal Verdict: generic.ml
File Hash: 5deecfe1beec58021a92e4838fc58e70
Current VirusTotal Verdict: generic.ml
These files are used by our app to provide anti-tracking and advertisment blocking services to our customers. Is there a possibility to whitelist these files by signature, so that we don't run into same FP in future? Thank you!
Files with hash 42db01439e1ab94638bb1c96b9e27a52c9a8a75e622e8f8df85241e895507cc7 and 8ee884ec7bf9d728a15b3b5edcbf6de3197b822a842e8013725ecd2d8fee07c1 have been submitted for review by our analysts and verdict flip to benign.
Hi, thak you for an update, but on VT we still see the same result (detection with generic.ml). Do we have to wait for the update?
Also, is there a possibility to whitelist this file by our signature, so that it doesn't get marked in the upcoming versions of the product?
You had to wait for the update, it's showing clean now. If I understood the update correctly from our analysts, the signer has been added to the trusted signer list, but I don't have a way to verify that at this time. If you observe a new FP, please make sure to request the signer be added to the trusted list to prevent FP's from reocurring.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!