This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

False positive

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

False positive

carles
L0 Member

‎10-25-2017 01:59 AM

Hi,

We are facing some false positive issues in the software we develop. Here is a link to download a sample installer and also individual content:
https://cp.sync.com/dl/f0ef29c20#hnvbmt7r-zbpvwdaa-qc6feknz-ks834c37
https://cp.sync.com/dl/d4f2b98c0#9bi8w8ve-st3xx7fd-3e4hr9mi-9k5j6gyq
 
We think this could have been caused by the use of an EXE protector/packer/antidebug/anti-tampering
Unfortunately we can't stop using it for security reasons but we digitally sign all the installers and files, so we hope you can whitelist our digital signature, since this is causing many reputation issues to our company and negatively affecting to our relation with customers.
 
Here you have links to the report of both files on VirusTotal:
https://www.virustotal.com/#/file/f221e67a88d8b72dae0901e22356a5e5231485f8f40679 1e0895fbe63e8199b8/detection
https://www.virustotal.com/#/file/afc4aff64a02d2f697d8ca413984524524c819a4667d9a ce9bfed45ed589ecfe/detection
 
Thank you very much in advance.
If you should need any further details or contact information, please do not hesitate to contact me.

1 person had this problem.
0 Likes Likes
2 REPLIES 2

mivaldi
L7 Applicator

‎12-01-2017 03:24 PM - edited ‎12-04-2017 08:51 AM

Submitted analysis for 

f221e67a88d8b72dae0901e22356a5e5231485f8f406791e0895fbe63e8199b8

 

afc4aff64a02d2f697d8ca413984524524c819a4667d9ace9bfed45ed589ecfe is the sha256 of the ZIP files. We don't create verdicts or signatures for ZIP files. That file is being blocked due to file inside being found to be malware: 

FeasaTerminal.exe with sha256 

decd12804e4781be496b6451460bf89f51a215e609775dd31052fbb4c8d8a900.

 

I'm submitting 

decd12804e4781be496b6451460bf89f51a215e609775dd31052fbb4c8d8a900 separatelly for analysis.

 

If these are found to be Benign, the associated signature will get disabled within the next 3 business days.

0 Likes Likes

mivaldi
L7 Applicator
In response to mivaldi

‎12-04-2017 08:53 AM

The following samples were changed to a Benign verdict:

 

f221e67a88d8b72dae0901e22356a5e5231485f8f406791e0895fbe63e8199b8

decd12804e4781be496b6451460bf89f51a215e609775dd31052fbb4c8d8a900

 

The change will reflect in tomorrow's Antivirus release.

Your digital signatur will be added to our trusted signer list.

0 Likes Likes
  • 2511 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks