Mosin Posted December 11, 2020

Hi

After updating to VIPM 2020.3 on Windows, my Anti-Exploit software (Palo Alto Cortex) stops it from starting, flagging a WildFire component as suspicious. Are there any issues with the latest package?

Jim Kring Posted December 11, 2020

Hi @Mosin

Thanks for letting us know. To my knowledge, you're the first report of this. I see that Palo Alto Cortex uses AI to determine the likelihood of a threat. So, it could simply be that nobody has trained it on VIPM 2020.3 yet 🙂

That said, I'd like to learn more. Can you post more details, like a screenshot or copy+paste of the report?

Mosin Posted December 11, 2020 (edited)

Thank you for getting back. Yes, it could just be a false positive that I am unlucky to hit. The details of the report are:

Application Information:
Source process ID: 17712
Source process name: VI Package Manager.exe
Source application location: C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe
Source process command line: "C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe"
Source application version: 2020.3.0.2532
Source application publisher: JKI
Source application signers: James Kring, Inc.

Prevention Information:
Prevention date: 10. december 2020
Prevention time: 16:48:25
OS version: 10.0.18363.2.0.0.256.1
Component: WildFire
Cortex XDR code: C0400055
Prevention description: Suspicious executable detected
Verdict: 2
Quarantined: True
Post-Detected: False
Hash: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
Additional information 1: C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe
Additional information 2: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
Additional information 3: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
Additional information 4: 2

Which does not really tell me anything. If I look up the hash for the process as given in the report, I find the following report from VirusTotal:

https://www.virustotal.com/gui/file/f0f72fe0796c9b8e9378241aee3bce0256e1ae1178c6db5f71dbcfc5e097959e/detection

Which indicates that it is not just Cortex that detects the exe as suspicious. I do not know how to read the details of the report, though, so I cannot see how I might be able to resolve this.

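
An added example, not part of the thread and not JKI or Palo Alto code: before requesting a false-positive review, it helps to confirm that a copy of the executable obtained from the vendor is byte-for-byte the file named in the report, by comparing its SHA-256 with the report's Hash field. The function names are hypothetical, and the script assumes the report text has been saved with one "Key: Value" field per line.

```python
import hashlib
import re
import sys

# Excerpt of the report quoted in the post above, one field per line.
REPORT = r"""Source application location: C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe
Source application version: 2020.3.0.2532
Source application signers: James Kring, Inc.
Prevention time: 16:48:25
Component: WildFire
Hash: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
"""

def parse_report(text):
    """Split 'Key: Value' lines into a dict; lines without ': ' are skipped."""
    fields = {}
    for line in text.splitlines():
        # Split on the first ': ' only, so times and Windows paths stay intact.
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so a large installer need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def compare(report_text, path):
    """Return (reported, local, match) for the report's Hash field and a file."""
    reported = parse_report(report_text).get("Hash", "").lower()
    if not re.fullmatch(r"[0-9a-f]{64}", reported):
        raise ValueError("report has no well-formed SHA-256 in its Hash field")
    local = sha256_of(path)
    return reported, local, reported == local

if __name__ == "__main__":
    # Usage: python check_report.py <path to the copy of the executable>
    reported, local, match = compare(REPORT, sys.argv[1])
    print("reported:", reported)
    print("local:   ", local)
    print("same file as the one flagged" if match else "different file")
```

A match only shows that both copies are the same file; it says nothing about whether the detection itself is correct.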
Jim Kring Posted December 11, 2020

OK, thanks for posting all this. I don't really know how to interpret that, either. Since this is a new release, maybe we just need to wait and earn the trust of our AI overlords.

Mosin Posted December 13, 2020 (edited)

Since there does not seem to be any actual security issue, it could be just a waiting game. I think my IT department might be able to submit the executable for reevaluation or as a false positive; I will see if I can get it fixed that way.

Thanks for the help.

Jim Kring Posted December 13, 2020

Sure thing, and thank you for reporting it.