https://live.paloaltonetworks.com/t5/advanced-threat-prevention/false-positive-av-block/m-p/216075#M339 <P>Hi,<BR />Not sure if this is under the correct category but here we go.<BR />I have a false positive in my FWs, I have a file called Pv7_00_169SetupFull.exe which the FWs are detecting as Virus/Win32.WGeneric.qxdip</P><P>If I upload and scan the file with VirusTotal it gives all green lights: <A href="https://www.virustotal.com/#/file/e36d3bb4f9eaff256ecd50f4a6875e41d65d12ef87d06bf7bde79874e989e259/detection" target="_blank">https://www.virustotal.com/#/file/e36d3bb4f9eaff256ecd50f4a6875e41d65d12ef87d06bf7bde79874e989e259/detection</A><BR /><BR />Thanks in advance</P> Thu, 31 May 2018 09:01:53 GMT GOTRIDA 2018-05-31T09:01:53Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/false-positive-av-block/m-p/216075#M339 <P>Hi,<BR />Not sure if this is under the correct category but here we go.<BR />I have a false positive in my FWs, I have a file called Pv7_00_169SetupFull.exe which the FWs are detecting as Virus/Win32.WGeneric.qxdip</P><P>If I upload and scan the file with VirusTotal it gives all green lights: <A href="https://www.virustotal.com/#/file/e36d3bb4f9eaff256ecd50f4a6875e41d65d12ef87d06bf7bde79874e989e259/detection" target="_blank">https://www.virustotal.com/#/file/e36d3bb4f9eaff256ecd50f4a6875e41d65d12ef87d06bf7bde79874e989e259/detection</A><BR /><BR />Thanks in advance</P> Thu, 31 May 2018 09:01:53 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/false-positive-av-block/m-p/216075#M339 GOTRIDA 2018-05-31T09:01:53Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/false-positive-av-block/m-p/216127#M340 <P>Sounds like a signature collision.</P> <P><A href="https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/What-is-a-signature-collision/ta-p/79086" target="_blank">https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/What-is-a-signature-collision/ta-p/79086</A></P> <P>&nbsp;</P> <P>Sometimes benign files collide with signatures generated for False Positives, and the collision can be resolved by fixing the FP.</P> <P>There are other instances where a file may be colliding with the signature of a true malware sample.</P> <P><BR />In that case the general recommendation will be to configure an Antivirus exception.</P> <P><A href="https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/threat-prevention/create-threat-exceptions" target="_blank">https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/threat-prevention/create-threat-exceptions</A></P> <P>&nbsp;</P> <P>In very particular situations, (where a signature for a true malware file causes a massive amount of collisions) we can work with PE files to make the signature more specific.</P> <P>&nbsp;</P> <P>In any case, your issue should be worked through a Support case.</P> <P>Please open a case with Support.</P> Thu, 31 May 2018 15:58:59 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/false-positive-av-block/m-p/216127#M340 mivaldi 2018-05-31T15:58:59Z