Forum Discussion

Frank_keough
Copper Contributor
Jul 03, 2024

Azure Cloud Defender false positive

Cloud Defender threw up an alert on Trojan:Script/Phonzy.B!ml for a Palo Alto virtual firewall. There are no Defender agents (the detection was agentless).

I cannot find any other incidents or similar issues. The affected file is pps_parport.ko, which is a library file.

Currently unable to get the file off the Palo to upload to VirusTotal or a similar website.

No other security issues with the Azure servers.

Is there a way to find out if this is a false positive, or is this system a canary in a coal mine?

3 Replies

      Frank_keough
      Copper Contributor

      ndrfillmore

      According to Microsoft, it turned out to be a false positive. One other user had the issue at the time. No Palo support, so they were not in play. Open a ticket with Defender.

      Good luck.

        ndrfillmore
        Copper Contributor
        That is our conclusion as well. It was only found inside of a pcap file that the firewall generated on its own.
