False Positive: Virus/Win32.WGeneric.yeksq


L0 Member

File Hash: 44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3

Link to Virustotal report for the file: https://www.virustotal.com/en/file/44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3/...

Virustotal verdict: 0/67

Description: Visma InSchool Primus client ver: W4.59.2

2 accepted solutions

Accepted Solutions

L4 Transporter

Hello

 

This hash (44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3) is tied to a benign file.

 

I have asked our team to check signature Virus/Win32.WGeneric.yeksq

 

Thanks

Himani

Himani Singh


Hello,

 

This signature has been disabled.

 

Thanks

Himani

Himani Singh


13 REPLIES


Even we have received Virus/Win32.WGeneric.aahwee signature Threat ID: 2001455.

 

Any thoughts? 

Hi Himani,

Could you also check Virus/Win32.WGeneric.aahwee signature, Threat ID: 2001455, as we are getting too many alerts.

This forum is for non-customers reporting WildFire verdict FPs on VirusTotal.

If you have an AV signature triggering as an FP in your firewall, please open a Support case.

Hi Team, 

Lately I have started seeing lots of Threat Logs for Threat ID 406494039, which is for Virus/Win32.WGeneric.bcqcxs as per https://threatvault.paloaltonetworks.com/. However, I have checked the hashes provided in the signature/threat ID definition in VirusTotal and other file hash reputation checks, and these are not reported anywhere, so I have a few questions:

 

1) If the hashes (mentioned below) that this threat is checking for are not malicious in any way, then why is the alert triggering?

2) Since Palo Alto is blocking these connections based on Threat ID and sending reset-both to client and server, why does the firewall reset the connection continuously? I have seen 700+ logs in less than 11 hours, so what does this signify? Was someone accessing the file continuously for 11 hours? If not, why did the firewall keep sending reset-both for 11 hours?

 

I would request you to please answer the above questions as soon as possible. Also, I did not find a way to post a new question, hence I am asking my questions here. Thanks.

Please provide an answer to the above questions ASAP. 

L2 Linker

 

Can I get assistance on this false positive?

9a27f17d859d7f60a26030c7a0ef3698ffa0ff5ff4230963e52ab79a6a4dacdf

Virus/Win32.WGeneric.dyafjk

Unique Threat ID: 575312775
Create Time: 2023-03-15 02:43:51 (UTC)

 

 

P.S

Please create a new post and include the information requested in the pinned post.

L1 Bithead

Hello, this virus seems to be a false positive. It's getting blocked at the firewall.
Virus/Win32.WGeneric.atqfjb
a5bf3c0390b210abd3dacd1eb6d767b66962e0658470ac0b64ad281771ea9d0e

Please create a new post.

Hello all,

When I am trying to download this extension, https://marketplace.visualstudio.com/items?itemName=ritwickdey.LiveServer, it's getting blocked at the firewall via this signature: Virus/Win32.WGeneric.atqfjb.

 

Is that a false positive?

L7 Applicator

@tomber You should open a Support ticket for this. This forum is meant to provide assistance to VirusTotal users that are not Palo Alto Networks customers, regarding FP detections by Palo Alto Networks observed in VirusTotal detection reports, and not in firewalls.
