False Positive Submission (generic.ml)

L1 Bithead

Hello,

 

My name is Shaun Green, and I work at Restoro as the Virus Lab Manager.

 

I have checked our software files in VirusTotal.com today, and found Palo Alto is flagging some of them.

 

We would like to clear these detections as soon as possible.

 

These are the details of the files currently being flagged by Palo Alto:

File Name: uninst.exe

File Name: uninst.exe

File Name: engine.dll

Please let me know what we need to do in order to clear our software files in Palo Alto virus definitions.

 

Thank you,

Shaun Green


L4 Transporter

These samples have been submitted for manual evaluation.  Please allow us at least 24 hours.

Hi tsullivan7,

 

I have the same issue again, 3 files detected by Palo Alto

 

| file | md5 | sha1 | sha256 | description |
|---|---|---|---|---|
| uninst64_2015.exe | 2b63d5396d85a1aed4a00948a53085d5 | 059c6ec2d838d04add29d865e296e0f8b6806770 | 4881bbb695de1f69e2a8a971484a5167670fd95d12a74ac0c03029f6edb80e78 | generic.ml |
| uninst32_2015.exe | e11418717511847ae711f0f297edb591 | 41f55c46cc8790c29eac1fb6db1bd6dbdb75aa97 | d1f61e2e87423581bddcf63560249d843e87be2cd8b00f9a9848ec55d6d4fc1a | generic.ml |
| engine32_2015.dll | e6f31fd3d10f43b974842cde41a6dcf2 | 7015c19c3dfe35a443db8f94e6d887ca932154e3 | d4916f633beb9e1bce920695ecd21a75430cbbbe5c8d54de6ced7649f78e5dc2 | generic.ml |

 

Appreciate your help,

Shaun

I have submitted all three files for manual review.

These files are no longer listed as malicious by Palo Alto.

Hi @dparris 

 

I again have issues with files being detected by Palo Alto

 

| file | md5 | sha1 | sha256 | description |
|---|---|---|---|---|
| engine32_2016.dll | b9b83c51bd3cc34422b57a5fecac9276 | ae992818101283b541dafc17e4dcec03dd908523 | 705f53b4ebf27c29807f308fd84f150648896b511c97bcfc81018c5e3ea6a2e9 | generic.ml |
| uninst32_2016.exe | fcd2542059d920844ee725aa16b51ea6 | 1488aac63de0bc27b213b4fd6e5ef277b15a0505 | 6d35a40ece87ae1e37258a923a3ac5595a8956f5423e8ea09bbaef2a3b6413a9 | generic.ml |

 

Could you please assist with sending them to review?

 

Thanks,

Shaun

Shaun,

 

Please do not use MD5 or SHA1 hashes. We only work with SHA256 hashes, and it is extra steps for us to look up the hash for you.

Also, these are different hashes, so they are different files. Even if they have the same name as before, they have been changed and in our eyes are different files. Please open a different thread next time.

 

I have entered these files for manual review.

Understood

Appreciate your help

These files are no longer listed as malicious by Palo Alto.

@dparris thanks for your help
