WildFire False Positive Submission

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WildFire False Positive Submission

L1 Bithead

Hello there, 

I represent Kromtech company(https://kromtech.com) which produces MacKeeper app (https://mackeeper.com). 

We have report from our partners that your WildFire service marks our products as Malware.

Screen Shot 2018-05-18 at 10.41.48 AM.pngWe would like to report false positive but I didn't find a way how to do that if I don't own your service. I've been suggested to use this forum on https://live.paloaltonetworks.com/t5/General-Topics/How-to-report-false-positive-if-I-m-not-a-custom...
Could you please help me with submission? 
Appreciate your help.

Have a nice day.

8 REPLIES 8

L7 Applicator

Submitted 386327141deeaf22d230e8eabf4bf1ca886aa5d63114b2e370c2273fd64705c0 for verdict reconsideration.

386327141deeaf22d230e8eabf4bf1ca886aa5d63114b2e370c2273fd64705c0 has been recategorized to grayware.

The associated Antivirus signature will be removed from the Palo Alto Networks Antivirus database. (this may take up to 48 hours).

Could you please explain what is grayware and what are the reasons for you to consider MacKeeper as grayware?
Thank you. 

https://www.paloaltonetworks.com/documentation/translated/70/newfeaturesguide/wildfire-features/wild...

 

The WildFire grayware verdict classifies files that behave similarly to malware, but are not malicious in nature or intent. A grayware verdict might be assigned to files that do not pose a direct security threat, but display otherwise obtrusive behavior (for example, installing unwanted software, changing various system settings, or reducing system performance). Examples of grayware software can typically include adware, spyware, and Browser Helper Objects (BHOs). The grayware verdict allows you to quickly distinguish malicious files on the network from grayware, and to prioritize accordingly.

 

Antivirus signatures are not generated for grayware and security policies cannot be enforced based on the grayware verdict. However, logs and reports can continue to alert to endpoints downloading grayware, enabling you to take any necessary action.

Hi again, 

appreciate your help with previuous case. 

Unfortunately, we heard from our partner that your system still threat our installers as malware.

Here is report for .dmg file with MacKeeper.pkg installer. Dmg file can be downloaded via Chrome from: https://mackeeper.com/download

 

 Screen Shot 2018-06-20 at 8.51.41 PM.png

Could you please remove Malware mark for all MacKeeper related components? Do you need any information from us to do that?

Thank you. 

 

Hello,

could you please give me any updates? 

Please place this as a new submission. It helps us track if we keep it to one submission per thread.

Thank you,

I will do as instructed. 

  • 6322 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!