topic Re: Wildfire Virus detected on firewall but not on Wildfire Portal in General Topics https://live.paloaltonetworks.com/t5/general-topics/wildfire-virus-detected-on-firewall-but-not-on-wildfire-portal/m-p/353698#M87350 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/145941">@FMueller</a>,</P> <P>I'd recommend reaching out to TAC and creating a false-positive report. The generic signatures are exactly that, generic. When you submit a file to WildFire it actually goes through a full sandbox analysis and these generic signatures really aren't used.&nbsp;</P> Sat, 03 Oct 2020 03:54:56 GMT BPry 2020-10-03T03:54:56Z Wildfire Virus detected on firewall but not on Wildfire Portal https://live.paloaltonetworks.com/t5/general-topics/wildfire-virus-detected-on-firewall-but-not-on-wildfire-portal/m-p/353683#M87349 <P>Hi,</P><P>&nbsp;</P><P>the file t32.exe is considered as wildfire-virus Win32.WPCGeneric.cnp and blocked on the firewall.</P><P>But when checking this file on Virustotal and eu.wildfire.paloaltonetworks.com/wildfire/ it is considered as benign.</P><P>&nbsp;</P><P><A href="https://www.virustotal.com/gui/file/352df104254095ddf925514d99bfb5411c95b5386e90caf06557979f82e16844/detection" target="_blank">https://www.virustotal.com/gui/file/352df104254095ddf925514d99bfb5411c95b5386e90caf06557979f82e16844/detection</A></P><P>The file is part of the pip wheel <A href="https://pypi.org/project/pip/20.1/#files" target="_blank">https://pypi.org/project/pip/20.1/#files</A>.</P><P>&nbsp;</P><P>What could&nbsp; cause this behaviour? I have the latest wildfire updates installed on the firewall.</P> Sat, 03 Oct 2020 01:46:11 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-virus-detected-on-firewall-but-not-on-wildfire-portal/m-p/353683#M87349 FMueller 2020-10-03T01:46:11Z Re: Wildfire Virus detected on firewall but not on Wildfire Portal https://live.paloaltonetworks.com/t5/general-topics/wildfire-virus-detected-on-firewall-but-not-on-wildfire-portal/m-p/353698#M87350 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/145941">@FMueller</a>,</P> <P>I'd recommend reaching out to TAC and creating a false-positive report. The generic signatures are exactly that, generic. When you submit a file to WildFire it actually goes through a full sandbox analysis and these generic signatures really aren't used.&nbsp;</P> Sat, 03 Oct 2020 03:54:56 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-virus-detected-on-firewall-but-not-on-wildfire-portal/m-p/353698#M87350 BPry 2020-10-03T03:54:56Z