Palo Alto Networks generic.ml: JRS_SLE.EXE


L1 Bithead

I'm reporting a false positive for the file: JRS_SLE.EXE. On Virustotal.com Palo Alto Networks flags the file as "generic:ml" when, in fact, the program is harmless. It's actually part of our anti-piracy protection. I wrote and compiled the program. Furthermore, the file is signed by Jurik Research Software, Inc. with a digital certificate. If Palo Alto Networks need a copy of the file or further information, let me know.


L3 Networker

Hello, 

 

Please provide the following information so that we may assist you further:

 

File Hash: <hash>

Link to Virustotal report for the file: <link>

Current VirusTotal Verdict: <verdict>

 

Thanks for the reply.

 

SHA-256 19d4d041a07c50fdf3a828f2676869d99ac14fb13f43ca8d3c66fc9a6daabe91

 

https://www.virustotal.com/#/file/19d4d041a07c50fdf3a828f2676869d99ac14fb13f43ca8d3c66fc9a6daabe91/d...

 

I'm not sure what you mean by verdict, but 8 of 69 malware engines falsely detect the file as being malware.

 

I don't see any generic:ml for that sample for Palo Alto Networks. We have made no changes.

Do you have the right sha256?

The hash is correct, but some explanation is in order. Yesterday, I noticed that the file listed on VirusTotal was a little out of date, so I uploaded the current version (which will soon be updated again) and the detection results changed. Now, 6 out of 64 engines detect it as malware, and Palo Alto Networks is not listed as detecting it or showing it as clean.

 

Perhaps you have some idea why it's not appearing in either group now.
