03-07-2021 05:14 PM
File Hash: lots of files (all versions we have distributed since the service started)
Files to download: https://drive.google.com/file/d/1UU_LUlLwhNan-Z657WEMD9gOtDyfFvET/view?usp=sharing
Link to Virustotal report for the file: https://www.virustotal.com/gui/file/e6ed2f92fe26eb85dc5019654da03c11b7b3a03adb0e6de065c54d9c71c5ded1...
Current VirusTotal Verdict: Generic.ml (2 / 67)
Description:
Our product is developed with the C# .NET Framework and we use .NET Reactor to secure it. .NET Reactor is a tool for code protection and anti-debug. This service is a set of utility tools for small businesses in South Korea.
All our binaries are signed with an EV Code Signing certificate. About 5 months ago, we noticed that our product was treated as malware by multiple anti-virus software products.
The problem was an option of .NET Reactor. We received advice from the .NET Reactor team and have turned off the 'Native EXE' option in their software since Oct 15th, 2020 KST.
After changing the option, most false positive detections have disappeared. However, VirusTotal keeps histories of previous versions of our binaries which are no longer distributed.
e.g. https://www.virustotal.com/gui/file/6693d1f5eec019580667d10a52d6623777ba774ee7714bac3e7f3a38e06cd5a0...
And Palo Alto keeps 'Generic.ml' after it.
https://drive.google.com/file/d/1UU_LUlLwhNan-Z657WEMD9gOtDyfFvET/view?usp=sharing
These are all the binaries we have distributed. Some are clean by Palo Alto and some are treated as malware by Palo Alto.
Please review all the files.
Thank you
03-30-2021 11:18 AM
Since you are a Palo Alto customer, please open a TAC case. This form is for non-Palo Alto customers.