https://live.paloaltonetworks.com/t5/general-topics/false-positive-virus-pdf/m-p/450978#M101099 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/192671">@Alpalo</a> ,</P> <P>&nbsp;</P> <P>If this is a false positive you should gather the PCAP from the threat log and send it to support for analysis so they can get the signature fixed.&nbsp; If packet capture isn't enabled then you can enable it in the security profile.</P> <P>&nbsp;</P> <P>As a workaround you can create an exception until the false positive is fixed:</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/threat-prevention/create-threat-exceptions.html" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/threat-prevention/create-threat-exceptions.html</A></P> <P>&nbsp;</P> <P>Hope it helps,</P> <P>-Kiwi.</P> <P>&nbsp;</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 02 Dec 2021 15:15:15 GMT kiwi 2021-12-02T15:15:15Z https://live.paloaltonetworks.com/t5/general-topics/false-positive-virus-pdf/m-p/450928#M101093 <P>Hello,<BR />We are detecting that several PDFs that we share on our internal network are being detected as VIRUS.</P><P>As we have the antivirus profile enabled in a security rule the session is reset .</P><P>Does anyone know how I can avoid this?</P><P>Regards</P> Thu, 02 Dec 2021 12:03:04 GMT https://live.paloaltonetworks.com/t5/general-topics/false-positive-virus-pdf/m-p/450928#M101093 Alpalo 2021-12-02T12:03:04Z https://live.paloaltonetworks.com/t5/general-topics/false-positive-virus-pdf/m-p/450978#M101099 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/192671">@Alpalo</a> ,</P> <P>&nbsp;</P> <P>If this is a false positive you should gather the PCAP from the threat log and send it to support for analysis so they can get the signature fixed.&nbsp; If packet capture isn't enabled then you can enable it in the security profile.</P> <P>&nbsp;</P> <P>As a workaround you can create an exception until the false positive is fixed:</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/threat-prevention/create-threat-exceptions.html" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/threat-prevention/create-threat-exceptions.html</A></P> <P>&nbsp;</P> <P>Hope it helps,</P> <P>-Kiwi.</P> <P>&nbsp;</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 02 Dec 2021 15:15:15 GMT https://live.paloaltonetworks.com/t5/general-topics/false-positive-virus-pdf/m-p/450978#M101099 kiwi 2021-12-02T15:15:15Z https://live.paloaltonetworks.com/t5/general-topics/false-positive-virus-pdf/m-p/451064#M101111 <P>Hello,</P> <P>Also if its being detected as one of the 'generic' definitions, then most likely its a false positive. Happens from time to time as the generic definitions are quit broad.</P> <P>Regards,</P> Thu, 02 Dec 2021 20:27:05 GMT https://live.paloaltonetworks.com/t5/general-topics/false-positive-virus-pdf/m-p/451064#M101111 OtakarKlier 2021-12-02T20:27:05Z