What is a signature collision?

by rcole on 06-17-2016 06:34 AM - edited on 10-03-2016 06:20 PM


Occasionally, an antivirus or WildFire antivirus signature triggers on a sample that has never been submitted to WildFire and is not malicious. This happens because the sample may contain similar patterns, in a similar structure, to a sample for which a signature was generated. This is known as a signature collision.


Signatures that collide with non-malicious samples can either have an exception created for them (see "Antivirus Exceptions") or be escalated to Palo Alto Networks support by following the instructions in "How to submit an Anti-Virus false positive".
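The collision and the exception described above can be reproduced with a toy pattern matcher. This is an added example, not Palo Alto Networks code or a real signature format: the signature ID, the byte patterns, the gap limit and all three samples are constructed for illustration.

```python
import hashlib
import re

MAX_GAP = 64  # assumed: max bytes allowed between consecutive patterns

# Constructed toy signature: byte patterns that must appear in this order.
SIGNATURES = {
    "SIG-1001": [b"HDR1", b"unpack_stub", b"\x13\x37\xc0\xde"],
}

def compile_signature(patterns, max_gap=MAX_GAP):
    """Build a regex matching the patterns in order with bounded gaps."""
    gap = b".{0,%d}?" % max_gap
    return re.compile(gap.join(re.escape(p) for p in patterns), re.DOTALL)

COMPILED = {sid: compile_signature(p) for sid, p in SIGNATURES.items()}

def scan(data, exceptions=frozenset()):
    """Return IDs of signatures that trigger on data, minus excepted IDs."""
    return [sid for sid, rx in COMPILED.items()
            if sid not in exceptions and rx.search(data)]

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Constructed samples. The signature was "generated for" MALICIOUS only.
MALICIOUS = (b"HDR1" + b"\x00" * 10 + b"unpack_stub" + b"\x00" * 5
             + b"\x13\x37\xc0\xde" + b"<payload>")
BENIGN = (b"HDR1" + b"installer v2 " + b"unpack_stub" + b" resources "
          + b"\x13\x37\xc0\xde" + b"license text")
UNRELATED = b"HDR1 plain document with no stub"

if __name__ == "__main__":
    for name, sample in [("malicious", MALICIOUS), ("benign", BENIGN),
                         ("unrelated", UNRELATED)]:
        print(name, sha256(sample)[:12], scan(sample))
    # An exception keyed on the signature ID silences the collision, and in
    # this toy model it silences the original detection as well.
    print("benign with exception:", scan(BENIGN, {"SIG-1001"}))
    print("malicious with exception:", scan(MALICIOUS, {"SIG-1001"}))
```

The benign sample has a different hash and was never seen by the signature author, yet it triggers because it shares the same patterns in the same order.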
