Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
06-23-2022 01:08 PM
How can I submit a false positive malicious file review by e-mail? I'm not a Palo Alto customer and have no access to the portal or software to follow the instructions I've found online.
Any help is appreciated. Thank you.
06-24-2022 01:56 PM
I just want to submit a false positive for your review. I am not a Palo Alto customer and have no access to report it through the web portal.
File - CheckRMM.exe
md5: acf3e370e68a9970dced575a53b9b76e
VirusTotal evaluation: https://www.virustotal.com/gui/file/9df6d9d6c362b28a3548e8fa4e89b159481503ca4a987f44471ffa5f12064650
Download link to a compressed copy of this executable with a password of ‘infected’: https://www.netservicesgroup.com/sample/checkrmm.zip
Any assistance it appreciated. Thank you.
06-24-2022 02:00 PM
You can follow this pinned post here:
https://live.paloaltonetworks.com/t5/virustotal/virustotal-verdict-change-request-for-false-positive...
Please provide the information in the pinned post and we can take a look at the file.
I noticed on VT that this has a VT score of 29/67. Can you give some incite as to why there would be such a high score for this file? What is a description of this file?
06-27-2022 04:46 AM
All this file does is check for the existance of a Windows service. If the service doesn't exist it sends and e-mail to so our team can take corrective action. Its written in PowerShell and compiled to a EXE using signtool.exe by Authenticode.
Here is the PowerShell script source with a variables redacted for out security purposes.
& {$H = HOSTNAME; $service = Get-Service -Name '<redacted for security reasons>' -ErrorAction SilentlyContinue;if($service -eq $null) {$HostIP = (Get-NetIPConfiguration | Where-Object {$_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.Status -ne 'Disconnected'}).IPv4Address.IPAddress; $Subject = [System.String]::Concat($H, ' (' , $HostIP, ') does not have RMM installed');$PSEmailServer = '<redacted for security reasons>';$password = ConvertTo-SecureString '<redacted for security reasons>' -AsPlainText -Force;$Cred = New-Object System.Management.Automation.PSCredential ('<redacted for security reasons>', $password);Send-MailMessage -From '<redacted for security reasons>' -To '<redacted for security reasons>' -Subject $Subject -UseSsl -Port 587 -Credential $Cred;}};
Any assistance it appreciated. Thank you.
06-27-2022 04:20 PM
I've submitted this for review
06-28-2022 05:30 PM
This file is no longer seen as malware
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
