cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

False Positive

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
thevolikov
L1 Bithead
‎06-06-2018 04:01 AM
‎06-06-2018 04:01 AM

False Positive

False positive on uTorrent:

https://www.virustotal.com/#/file-analysis/MDAyZjAzNzNjNDc5NGZmYjkxOTdmNzRmNTRlZThiM2M6MTUyODI4Mjc5O...

 

0 Likes
Reply

Accepted Solutions
mivaldi
L7 Applicator
‎06-08-2018 11:03 AM
‎06-08-2018 11:03 AM

f46a162f52d93172da4ccfd208c7cb4b53b6f890a786630ba46b1435cfd02c3a verdict has been changed to grayware.

It will now show as 'clean' in VirusTotal.

The associated Antivirus signature (beginning with tomorrow's release) will be removed from the Palo Alto Networks Antivirus database.

View solution in original post

0 Likes
Reply

All Replies
mivaldi
L7 Applicator
‎06-06-2018 05:47 AM
‎06-06-2018 05:47 AM

Where can the original installer be downloaded from? Can you provide the download link?

0 Likes
Reply
thevolikov
L1 Bithead
‎06-06-2018 07:04 AM
‎06-06-2018 07:04 AM

Uploaded it to sendpsace: https://www.sendspace.com/file/531fhi

 

You'll probably have to click "Download" twice because there's ad.

0 Likes
Reply
thevolikov
L1 Bithead
‎06-07-2018 08:15 AM
‎06-07-2018 08:15 AM

Any news?... Still have a false positive...

0 Likes
Reply
mivaldi
L7 Applicator
‎06-07-2018 08:23 AM
‎06-07-2018 08:23 AM

The uTorrent installers available at https://www.utorrent.com/downloads/win are 2.6MB in size.

The file you provided is 6.2MB.

 

Can you explain the difference in file size?

0 Likes
Reply
thevolikov
L1 Bithead
‎06-07-2018 10:12 AM
‎06-07-2018 10:12 AM

Ehm... this is the first time I get a question like this from an AV support representative. Your AV claims that the file is generic whereas it's just a clean uTorrent installer. Check — approve — done, that's how it always worked with all the other AVs. And if you look at the official uTorrent installer, you can see it's a bundle with ads.

 

Anyway, the installer I uploaded — it's a repack. I removed all ads so it's just clean uTorrent without anything else. That's it.

0 Likes
Reply
mivaldi
L7 Applicator
‎06-07-2018 11:14 AM
‎06-07-2018 11:14 AM

The sample exhibits suspicious behaviors. I'll work with our malware research team to verify this sample.

 

Screen Shot 2018-06-07 at 3.11.53 PM.png

0 Likes
Reply
mivaldi
L7 Applicator
‎06-07-2018 11:20 AM
‎06-07-2018 11:20 AM

f46a162f52d93172da4ccfd208c7cb4b53b6f890a786630ba46b1435cfd02c3a has been submitted for verdict reconsideration.

0 Likes
Reply
mivaldi
L7 Applicator
‎06-08-2018 11:03 AM
‎06-08-2018 11:03 AM

f46a162f52d93172da4ccfd208c7cb4b53b6f890a786630ba46b1435cfd02c3a verdict has been changed to grayware.

It will now show as 'clean' in VirusTotal.

The associated Antivirus signature (beginning with tomorrow's release) will be removed from the Palo Alto Networks Antivirus database.

View solution in original post

0 Likes
Reply
thevolikov
L1 Bithead
‎06-09-2018 01:48 AM
‎06-09-2018 01:48 AM

Thanks!

Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks