topic Re: Increased FP's for Wildfire Viruses in Advanced Threat Prevention Discussions

Increased FP's for Wildfire Viruses

apackard — Fri, 25 May 2018 19:26:53 GMT

Has anyone noticed an increase in the number of false-positives being generated by Wildfire in the last few weeks?

I seem to be getting a increased number of alerts for WF learnt viruses on apps that have never caused issues before. Always worried that it is indeed a real alert, but as far as we can tell it's not.

Just wondering if anyone else has had something similar and\or if anyone knows if PA have deployed new detection criteria etc?

Thanks

Re: Increased FP's for Wildfire Viruses

mivaldi — Thu, 31 May 2018 16:28:05 GMT

Hello there. I'm with the Palo Alto Networks Support team.

Please open a Support case with us and share the samples you observed as False Positives to ensure that we can identify the issue, and provide with a fix that will prevent samples like yours from being incorrectly classified.

Re: Increased FP's for Wildfire Viruses

Quinton-H2020 — Mon, 30 Jul 2018 12:43:45 GMT

Same here. TAC cases logged for batches of false positives. Also seeing an increase in wildfire-virus FP's. It's due to "signature collisions". The fix is not great. You must exempt the signatures that cause false positives. It's matching elements in a benign document and flagging those as malicious.