Threat & Vulnerability Discussions

L4 Transporter
Posts: 140
Registered: ‎09-23-2010

Increased FP's for Wildfire Viruses

Has anyone noticed an increase in the number of false-positives being generated by Wildfire in the last few weeks?

I seem to be getting an increased number of alerts for WF learnt viruses on apps that have never caused issues before. Always worried that it is indeed a real alert, but as far as we can tell it's not.

Just wondering if anyone else has had something similar and/or if anyone knows if PA have deployed new detection criteria etc?

Thanks

L6 Presenter
Posts: 538
Registered: ‎04-03-2014

Re: Increased FP's for Wildfire Viruses

Hello there. I'm with the Palo Alto Networks Support team.

Please open a Support case with us and share the samples you observed as False Positives to ensure that we can identify the issue and provide a fix that will prevent samples like yours from being incorrectly classified.

L1 Bithead
Posts: 4
Registered: ‎11-17-2016

Re: Increased FP's for Wildfire Viruses

Same here. TAC cases logged for batches of false positives. Also seeing an increase in wildfire-virus FP's. It's due to "signature collisions". The fix is not great. You must exempt the signatures that cause false positives. It's matching elements in a benign document and flagging those as malicious.
