05-25-2022 11:15 PM
Alert name: Virus/Win32.WGeneric.clqdkh
Hash (sha256): 354ef16a451f716c8cb3b47ced9878d8962088c143dfa2cf01f4f2ddfc70c097
I've checked the hash file for the alert name through https://threatvault.paloaltonetworks.com/ and I got the hash on it.
After checking this hash on VirusTotal, the result is "No Matches found".
My questions:
1) If the result is "No Matches found", does it mean that the hash is new?
2) How may I determine if it is a false positive or malicious?
I checked similar cases regarding Virus/Win32.WGeneric and they say that this is a false positive.
Give me some thoughts and ideas about this for additional knowledge as I'm starting on this role in cyber security.
Thank you in advance!
05-26-2022 10:31 AM
Hello,
This forum is for non-customers to request that their files be manually reviewed.
If you have a support license then please open a case with the threat team, Product/Problem area = Threat.
You can also get the actual file that is being deemed malicious and review the file. Is this a file from your DEV team, and are they creating a new program? Basically, what is this file?
There is a possibility this could be a signature collision. Meaning, the file you have matches the signature we have for an actual malicious file. However, your file may be benign.
Do you own this file? Does this file come from your company/organization?
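The signature-collision case described in the reply above, as an added example that is not part of the original thread and is not Palo Alto Networks code: it separates "the detected file is byte-identical to the hash listed with the alert" from "the content matched the signature but the hash differs". The `PatternSignature` model, the byte strings and all names except the alert hash are constructed assumptions; real antivirus signatures are more complex than a byte-pattern match.

```python
import hashlib
from dataclasses import dataclass

# SHA-256 quoted with the alert on this page.
ALERT_SHA256 = "354ef16a451f716c8cb3b47ced9878d8962088c143dfa2cf01f4f2ddfc70c097"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class PatternSignature:
    """Toy content signature (assumption): fires when every pattern occurs."""
    name: str
    patterns: tuple

    def matches(self, data: bytes) -> bool:
        return all(p in data for p in self.patterns)


def triage(data: bytes, sig: PatternSignature, listed_sha256: str) -> str:
    """Classify a detected file against the hash listed with the alert."""
    if sha256_hex(data) == listed_sha256.lower():
        return "exact-sample"      # byte-identical to the listed sample
    if sig.matches(data):
        return "signature-only"    # candidate collision: review the file's origin
    return "no-match"              # this signature would not fire on the file


# Constructed inputs: two different files that share the signature's patterns.
SIG = PatternSignature("Toy.Generic", (b"MZ", b"constructed-marker-0001"))
FLAGGED_SAMPLE = b"MZ\x90\x00" + b"constructed-marker-0001" + b"\x00" * 16
INTERNAL_BUILD = b"MZ\x90\x00" + b"in-house tool v1 " + b"constructed-marker-0001"
SAMPLE_SHA256 = sha256_hex(FLAGGED_SAMPLE)

if __name__ == "__main__":
    for label, blob in (("flagged sample", FLAGGED_SAMPLE),
                        ("internal build", INTERNAL_BUILD),
                        ("text file", b"plain text")):
        print(f"{label:15} {sha256_hex(blob)[:16]}  {triage(blob, SIG, SAMPLE_SHA256)}")
```

A "signature-only" result is where the reply's questions apply: where the file came from and who built it.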