Increased FP's for Wildfire Viruses

Announcements
Attention: Our Customer Support Portal (CSP) is currently experiencing intermittent login disruptions, and we are actively working towards a solution. We appreciate your patience and apologize for any inconvenience this may cause.
L4 Transporter

Increased FP's for Wildfire Viruses

Has anyone noticed an increase in the number of false-positives being generated by Wildfire in the last few weeks?

 

I seem to be getting a increased number of alerts for WF learnt viruses on apps that have never caused issues before.  Always worried that it is indeed a real alert, but as far as we can tell it's not.

 

Just wondering if anyone else has had something similar and\or if anyone knows if PA have deployed new detection criteria etc?

 

Thanks

L6 Presenter

Re: Increased FP's for Wildfire Viruses

Hello there. I'm with the Palo Alto Networks Support team.

Please open a Support case with us and share the samples you observed as False Positives to ensure that we can identify the issue, and provide with a fix that will prevent samples like yours from being incorrectly classified.

L1 Bithead

Re: Increased FP's for Wildfire Viruses

Same here. TAC cases logged for batches of false positives. Also seeing an increase in wildfire-virus FP's. It's due to "signature collisions". The fix is not great. You must exempt the signatures that cause false positives. It's matching elements in a benign document and flagging those as malicious.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!