- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
False Positive: Virus/Win32.WGeneric.yeksq
- LIVEcommunity
- Collaboration
- Discussions
- VirusTotal
- False Positive: Virus/Win32.WGeneric.yeksq
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-18-2019 04:05 AM
File Hash: 44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3
Link to Virustotal report for the file: https://www.virustotal.com/en/file/44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3/...
Virustotal verdict: 0/67
Description: Visma InSchool Primus client ver: W4.59.2
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-18-2019 11:48 PM
Hello
This hash (44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3) is tied to a benign file.
I have asked our team to check signatrue Virus/Win32.WGeneric.yeksq
Thanks
Himani
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-19-2019 09:45 AM
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-18-2019 11:48 PM
Hello
This hash (44e94be969d812a907cc14e68c43280709b9be555e5c966e820af1eb6f7f48c3) is tied to a benign file.
I have asked our team to check signatrue Virus/Win32.WGeneric.yeksq
Thanks
Himani
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-19-2019 09:45 AM
Hello,
This signature is been disabled.
Thanks
Himani
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-18-2020 02:28 AM
Even we have recieved Virus/Win32.WGeneric.aahwee signature Threat ID: 2001455.
Any thoughts?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-18-2020 02:38 AM
Hi Himani,
Could you also check Virus/Win32.WGeneric.aahwee signature, Threat ID: 2001455 as we are getting to many alerts
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-18-2020 01:52 PM - edited 06-18-2020 01:53 PM
This forum is for non-customers reporting WildFire verdict FP's on VirusTotal.
If you have an AV signature triggering as an FP in your firewall, please open a Support case.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-05-2021 02:35 PM
Hi Team,
Lately I have started seeing lots of Threat Logs for Threat ID 406494039 which is for Virus/Win32.WGeneric.bcqcxs as per https://threatvault.paloaltonetworks.com/ however the hashes provided in the signature/threat ID definition i have checked in Virus Total and other hash file repuation check , these are not reported any where so i have few question
1)If the hashes (below mentioned )corresponding to which this threat is checking are not malicious in any way then why the alert is triggering ?
2) Since Palo alto is blocking these connection based on Threat ID and sending reset-both to client and server then why firewall resets the connection continuously i have seen 700+ logs in less 11 hours so what this signifies some one was accessing the file continuously for 11 hours if not then why did firewall kept on sending reset-both for 11 hours ?
I would request you to please answer the above questions as soon as possible also i did not found a way to post a new question hence asking my questions here ..thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-07-2021 08:13 AM
Please provide an answer to the above questions ASAP.
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
