False Positive

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

False Positive

L1 Bithead
1 accepted solution

Accepted Solutions

f46a162f52d93172da4ccfd208c7cb4b53b6f890a786630ba46b1435cfd02c3a verdict has been changed to grayware.

It will now show as 'clean' in VirusTotal.

The associated Antivirus signature (beginning with tomorrow's release) will be removed from the Palo Alto Networks Antivirus database.

View solution in original post

9 REPLIES 9

L7 Applicator

Where can the original installer be downloaded from? Can you provide the download link?

Uploaded it to sendpsace: https://www.sendspace.com/file/531fhi

 

You'll probably have to click "Download" twice because there's ad.

Any news?... Still have a false positive...

The uTorrent installers available at https://www.utorrent.com/downloads/win are 2.6MB in size.

The file you provided is 6.2MB.

 

Can you explain the difference in file size?

Ehm... this is the first time I get a question like this from an AV support representative. Your AV claims that the file is generic whereas it's just a clean uTorrent installer. Check — approve — done, that's how it always worked with all the other AVs. And if you look at the official uTorrent installer, you can see it's a bundle with ads.

 

Anyway, the installer I uploaded — it's a repack. I removed all ads so it's just clean uTorrent without anything else. That's it.

The sample exhibits suspicious behaviors. I'll work with our malware research team to verify this sample.

 

Screen Shot 2018-06-07 at 3.11.53 PM.png

f46a162f52d93172da4ccfd208c7cb4b53b6f890a786630ba46b1435cfd02c3a has been submitted for verdict reconsideration.

f46a162f52d93172da4ccfd208c7cb4b53b6f890a786630ba46b1435cfd02c3a verdict has been changed to grayware.

It will now show as 'clean' in VirusTotal.

The associated Antivirus signature (beginning with tomorrow's release) will be removed from the Palo Alto Networks Antivirus database.

Thanks!

  • 1 accepted solution
  • 5858 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!