05-25-2018 12:26 PM
Has anyone noticed an increase in the number of false-positives being generated by Wildfire in the last few weeks?
I seem to be getting a increased number of alerts for WF learnt viruses on apps that have never caused issues before. Always worried that it is indeed a real alert, but as far as we can tell it's not.
Just wondering if anyone else has had something similar and\or if anyone knows if PA have deployed new detection criteria etc?
Thanks
05-31-2018 09:28 AM
Hello there. I'm with the Palo Alto Networks Support team.
Please open a Support case with us and share the samples you observed as False Positives to ensure that we can identify the issue, and provide with a fix that will prevent samples like yours from being incorrectly classified.
07-30-2018 05:43 AM
Same here. TAC cases logged for batches of false positives. Also seeing an increase in wildfire-virus FP's. It's due to "signature collisions". The fix is not great. You must exempt the signatures that cause false positives. It's matching elements in a benign document and flagging those as malicious.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
