cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

False Positive

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

False Positive

Go to solution
thevolikov
L1 Bithead

‎06-06-2018 04:01 AM

False positive on uTorrent:

https://www.virustotal.com/#/file-analysis/MDAyZjAzNzNjNDc5NGZmYjkxOTdmNzRmNTRlZThiM2M6MTUyODI4Mjc5O...

 

0 Likes Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
mivaldi
L7 Applicator
In response to mivaldi

‎06-08-2018 11:03 AM - edited ‎06-08-2018 11:04 AM

f46a162f52d93172da4ccfd208c7cb4b53b6f890a786630ba46b1435cfd02c3a verdict has been changed to grayware.

It will now show as 'clean' in VirusTotal.

The associated Antivirus signature (beginning with tomorrow's release) will be removed from the Palo Alto Networks Antivirus database.

View solution in original post

0 Likes Likes
9 REPLIES 9

Go to solution
mivaldi
L7 Applicator

‎06-06-2018 05:47 AM

Where can the original installer be downloaded from? Can you provide the download link?

0 Likes Likes

Go to solution
thevolikov
L1 Bithead
In response to mivaldi

‎06-06-2018 07:04 AM

Uploaded it to sendpsace: https://www.sendspace.com/file/531fhi

 

You'll probably have to click "Download" twice because there's ad.

0 Likes Likes

Go to solution
thevolikov
L1 Bithead
In response to thevolikov

‎06-07-2018 08:15 AM

Any news?... Still have a false positive...

0 Likes Likes

Go to solution
mivaldi
L7 Applicator
In response to thevolikov

‎06-07-2018 08:23 AM

The uTorrent installers available at https://www.utorrent.com/downloads/win are 2.6MB in size.

The file you provided is 6.2MB.

 

Can you explain the difference in file size?

0 Likes Likes

Go to solution
thevolikov
L1 Bithead
In response to mivaldi

‎06-07-2018 10:12 AM

Ehm... this is the first time I get a question like this from an AV support representative. Your AV claims that the file is generic whereas it's just a clean uTorrent installer. Check — approve — done, that's how it always worked with all the other AVs. And if you look at the official uTorrent installer, you can see it's a bundle with ads.

 

Anyway, the installer I uploaded — it's a repack. I removed all ads so it's just clean uTorrent without anything else. That's it.

0 Likes Likes

Go to solution
mivaldi
L7 Applicator
In response to thevolikov

‎06-07-2018 11:14 AM

The sample exhibits suspicious behaviors. I'll work with our malware research team to verify this sample.

 

Screen Shot 2018-06-07 at 3.11.53 PM.png

0 Likes Likes

Go to solution
mivaldi
L7 Applicator
In response to mivaldi

‎06-07-2018 11:20 AM

f46a162f52d93172da4ccfd208c7cb4b53b6f890a786630ba46b1435cfd02c3a has been submitted for verdict reconsideration.

0 Likes Likes

Go to solution
mivaldi
L7 Applicator
In response to mivaldi

‎06-08-2018 11:03 AM - edited ‎06-08-2018 11:04 AM

f46a162f52d93172da4ccfd208c7cb4b53b6f890a786630ba46b1435cfd02c3a verdict has been changed to grayware.

It will now show as 'clean' in VirusTotal.

The associated Antivirus signature (beginning with tomorrow's release) will be removed from the Palo Alto Networks Antivirus database.

0 Likes Likes

Go to solution
thevolikov
L1 Bithead
In response to mivaldi

‎06-09-2018 01:48 AM

Thanks!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2022 - Palo Alto Networks