False positive report

Hi, we followed your advice and forwarded a false positive report to fp_reports@elastic.co but have not received any response. Please advise:
As a result of this nonsense, Lurkit terminated our service contract and suffered losses. On what basis does it detect the virus?!

Filename: GameClient.exe

Hash (SHA256): 8793afd66ca9940634c587ba6486aba0b99e096160b53c0375a0d039b15249bf

VirusTotal: /gui/file/8793afd66ca9940634c587ba6486aba0b99e096160b53c0375a0d039b15249bf

Hello and thank you for reaching out. Our team reviews false positive submissions on a monthly basis. While we don’t guarantee that we’ll take action on each request, if we do decide to take action and treat the detection as an FP, you can expect to see an update within a month.

Please see Submitting False Positives for more details.


Just adding one more thing:

If you encounter any FPs in your environment, you can create Endpoint Exceptions to resolve any alerts and avoid further alerts in the future. If you choose to go this route, make sure you create an Endpoint Exception, not a Rule Exception.

I see that file is signed. Exceptions can be made by signer, which will exclude all files signed by that entity.

