False positive removal request-generic.ml

cancel
Showing results for 
Search instead for 
Did you mean: 

False positive removal request-generic.ml

L1 Bithead

We are seeing False positive on our binaries , request assitance to Whitelist this... if possible also point me to place for proactive whitelisting to avoid detection in future on other binaries as all our binaries are signed

 

File Hash: 07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b

Link to Virustotal report for the file: https://www.virustotal.com/#/file/07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b/d...

Current VirustTotal Verdict: generic.ml

Description: In house file used by support reps. digitally signed binaries.

 

File Hash:  c1e0ca19ca664ffb65db7957fabc5ad2

Link to Virustotal report for the file: https://www.virustotal.com/#/file/07c3fe8a8f0b2f3dce76e7754f71efb8b6cfaf92e6ec0d575462a719b090603b/d...

Current VirustTotal Verdict: generic.ml

Description: In house file used by support reps. digitally signed binaries.

1 ACCEPTED SOLUTION

Accepted Solutions

Both samples were update to "benign" as of 9:43 CST this morning.  Please allow some time for this change to be reflected on virustotal.com.

View solution in original post

11 REPLIES 11

L5 Sessionator

Both files have been queued for review.  Please allow us 24 to 48 hours to process these samples.

that was super quick response to the post... appreciate it.. will await a response.

 

btw- if there are options for whitelisting proactively do share the same , appreciate the help

We can whitelist a signer. Are these samples digitally signed?

Yes all our binaries are digitally signed by SHA256 and sha1 signatures.. EV authenticode

Both samples were update to "benign" as of 9:43 CST this morning.  Please allow some time for this change to be reflected on virustotal.com.

View solution in original post

What is the process to proceed for whitelist based on signature?.. would love to take this up to avoid chasing detection for suppression etc.....

The next time you submit an FP, please ask the signer to be whitelisted.

Wondering if we should wait for a False positive to occur and then raise this request. Would it not be easier for all if we proceed with the CA whitelisting now than later so its more proactive rather reactive. if the team requires more file samples or such happy to supply those

Ok, I opened an internal request for you, will let you know once our threat researchers review the sample's signer.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!