cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We are seeing lot of Teams.nuspec as virus - are they False Positive?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
msb_itservices
L0 Member
‎06-09-2020 11:11 PM
‎06-09-2020 11:11 PM

We are seeing lot of Teams.nuspec as virus - are they False Positive?

Hi there, 

 

Lately we have seen number of blocked connection for Teams.nuspec. Virus Total report for Destination IP is shows clean. 

msb_itservices_0-1591769500924.png

 

2 people had this problem.
Reply

Accepted Solutions
mivaldi
L7 Applicator
‎06-16-2020 10:42 AM
‎06-16-2020 10:42 AM

346947453 was disabled and is now removed from Antivirus 3381

View solution in original post

0 Likes
Reply

All Replies
jcharette
L0 Member
‎06-10-2020 05:59 AM
‎06-10-2020 05:59 AM

We've seen a bunch of these as well from when we first started using Microsoft Teams.

Since then, we have bursts of them.  Yesterday was a bad day.  I think they are false positives as well, but I'd love to better understand why we are getting them.

0 Likes
Reply
mivaldi
L7 Applicator
‎06-10-2020 12:20 PM
‎06-10-2020 12:20 PM

Please open a Support case so it can be looked at in detail.

0 Likes
Reply
jmontoya224
L1 Bithead
‎06-10-2020 12:55 PM
‎06-10-2020 12:55 PM

I have also been seeing this file across some of our customers that we monitor. We will get Virus alerts for that file that WildFire is flagging. I don't think this is a virus and is more than likely a false+. I was looking into this a little further and found out that the file is being hosted here https://chocolatey.org/packages/microsoft-teams#files. The file passes all checks on their site which you can view the Registry Snapshot by going to the following link https://gist.github.com/choco-bot/94b957a0ae5da9a075eb88dd4c890bd9. If I get some time I will download the file on my VM and run it through some checks and will update. I agree with the above comment and open a case so that Palo can take a look into this further. Have a good day! 

Reply
mivaldi
L7 Applicator
‎06-11-2020 11:41 AM
‎06-11-2020 11:41 AM

We are looking at it further to understand what is causing the continued FP detections.

All the signatures listed in the screenshot are now disabled.

0 Likes
Reply
it.tbpl
L0 Member
‎06-12-2020 06:28 AM
‎06-12-2020 06:28 AM

still false-positives for threat id: 346399143  filename: Teams.nuspec -  Virus/Win32.WGeneric.akfdwd

Content version: Antivirus-3376-3887

0 Likes
Reply
dparris
L5 Sessionator
‎06-12-2020 06:56 AM
‎06-12-2020 06:56 AM

The signature 346399143 was disabled 06/11/2020

0 Likes
Reply
mivaldi
L7 Applicator
‎06-12-2020 10:57 AM
‎06-12-2020 10:57 AM

The signature is removed beginning with Antivirus version 3377-3888

0 Likes
Reply
it.tbpl
L0 Member
‎06-16-2020 05:19 AM
‎06-16-2020 05:19 AM

Another: teams.nuspec -  Virus/Win32.WGeneric.a

signature: 346947453 (in Antivirus-3380-3891)

Filename: Teams.nuspec

 

 
0 Likes
Reply
jcharette
L0 Member
‎06-16-2020 05:34 AM
‎06-16-2020 05:34 AM

Same!  We've received a bunch of those as well.

The virus 346947453(346947453) was detected at Teams.nuspec

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks