False positive removal request-generic.ml

L1 Bithead


We are seeing a false positive on our binaries and request assistance to whitelist this... If possible, also point me to a place for proactive whitelisting to avoid detection in future on other binaries, as all our binaries are signed.

 

File Hash: 07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b

Link to VirusTotal report for the file: https://www.virustotal.com/#/file/07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b/d...

Current VirusTotal Verdict: generic.ml

Description: In-house file used by support reps. Digitally signed binaries.

 

File Hash:  c1e0ca19ca664ffb65db7957fabc5ad2

Link to VirusTotal report for the file: https://www.virustotal.com/#/file/07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b/d...

Current VirusTotal Verdict: generic.ml

Description: In-house file used by support reps. Digitally signed binaries.



All Replies
L5 Sessionator

Both files have been queued for review.  Please allow us 24 to 48 hours to process these samples.

L1 Bithead

That was a super quick response to the post... appreciate it. Will await a response.

 

BTW, if there are options for whitelisting proactively, do share the same. Appreciate the help.

L7 Applicator

We can whitelist a signer. Are these samples digitally signed?

L1 Bithead

Yes, all our binaries are digitally signed by SHA256 and SHA1 signatures... EV Authenticode.

L5 Sessionator

Both samples were updated to "benign" as of 9:43 CST this morning. Please allow some time for this change to be reflected on virustotal.com.


L1 Bithead

What is the process to proceed for whitelisting based on signature? Would love to take this up to avoid chasing detection for suppression etc.

L7 Applicator

The next time you submit an FP, please ask the signer to be whitelisted.

L1 Bithead

Wondering if we should wait for a false positive to occur and then raise this request. Would it not be easier for all if we proceed with the CA whitelisting now rather than later, so it's more proactive rather than reactive? If the team requires more file samples or such, happy to supply those.

L7 Applicator

Ok, I opened an internal request for you, will let you know once our threat researchers review the sample's signer.
