05-16-2024 04:46 AM - edited 05-21-2024 02:49 PM
Hello,
File Hash: c31341b8ed142e4fe4d8ead6ef773b99394fb8efd5bfae6af763c592bf460017
Link to Virustotal report for the file: https://www.virustotal.com/gui/file/c31341b8ed142e4fe4d8ead6ef773b99394fb8efd5bfae6af763c592bf460017...
Current VirustTotal Verdict: Generic.ml
Description: Barcode Recognition SDK, library for developers
We are software development company, one of our .exe files has been detected as malware on Virustotal.com by Palo Alto Networks antivirus.
What is the correct way to report false positive? I've tried to submit false positive by e-mail provided on virustotal.com false positive report vendors list (https://docs.virustotal.com/docs/false-positive-contacts), but it is not possible to send .exe or password protected archive because of e-mail declined by Palo Alto mail server, so I've just sent a Virustotal hash, but didn't get any notification back that request has been received.
05-22-2024 03:46 PM
I'm not aware of anyone monitoring the PAN email. This is the forum for requesting verdict changes for non-Palo Alto Networks customers.
As for your file, the verdict has been updated; this is no longer deemed malware.
05-16-2024 06:07 AM
Hello,
Do you have an active Palo Alto support account? If so you can open a tac case and follow these KBs.
How to Submit a Vulnerability Signature False Positive - Knowledge Base - Palo Alto Networks
How to submit Anti-Virus False Positive - Knowledge Base - Palo Alto Networks
05-16-2024 06:09 AM
I am not Palo Alto Networks customer, so am not able to create support account.
05-16-2024 06:15 AM
You could try contacting their support through here, granted they may not be able to assist without a contract. Otherwise you may just have to wait for confirmation on your email to them or their are PAN employees that monitor this and could see this and assist
05-16-2024 06:29 AM - edited 05-16-2024 06:32 AM
On virustotal.com false positive report vendor contact list (https://docs.virustotal.com/docs/false-positive-contacts) there is e-mail address (vt-pan-false-positive@paloaltonetworks.com) where you can send false positive report, but when you try to send .exe or password protected archive, e-mail will be automatically declined. So I've sent just explanation with virustotal.com hash many days ago, but nobody replied back, even with some automatic notification with "Thank you, your request has been received".
In Contact Us if I press on create a case on support portal, I open a page with "An unexpected error has occurred. Please contact support." and it leads to phone numbers list in different countries, but my country not in the list.
Is it the only option to contact IT company support is grab the phone and call to abroad? 😄
05-20-2024 01:59 PM
Hello,
Please follow the pin post at the top of this forum for how to provide the information we need for VT file reviews. This post can be found here:
Pinned Post
05-21-2024 12:30 AM
Hello, what is missing in my first post?
05-21-2024 10:38 AM
We would like to know the actual description of this file. What does it do, what is the purpose for this file? A more description description will give us a better idea of what this file's purpose is so that we can understand why it maybe doing what it's doing.
05-21-2024 02:52 PM - edited 05-21-2024 02:53 PM
First post amended, this is library for developers, file is digitally signed, are there any option to report in more private manner and provide file or download link on our company website?
05-21-2024 03:51 PM
That should be all that is needed. Thank you for the detailed description. This file has been submitted for review.
05-22-2024 12:39 AM
Is it possible to report by email vt-pan-false-positive@paloaltonetworks.com provided on https://docs.virustotal.com/docs/false-positive-contacts website? Is this e-mail monitored by someone? I did sent a request on 14 May 2024 but never get answer back, even automatic notification that request has been received.
05-22-2024 03:46 PM
I'm not aware of anyone monitoring the PAN email. This is the forum for requesting verdict changes for non-Palo Alto Networks customers.
As for your file, the verdict has been updated; this is no longer deemed malware.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
