Increased FP's for Wildfire Viruses

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Increased FP's for Wildfire Viruses

L4 Transporter

Has anyone noticed an increase in the number of false-positives being generated by Wildfire in the last few weeks?

 

I seem to be getting a increased number of alerts for WF learnt viruses on apps that have never caused issues before.  Always worried that it is indeed a real alert, but as far as we can tell it's not.

 

Just wondering if anyone else has had something similar and\or if anyone knows if PA have deployed new detection criteria etc?

 

Thanks

2 REPLIES 2

L7 Applicator

Hello there. I'm with the Palo Alto Networks Support team.

Please open a Support case with us and share the samples you observed as False Positives to ensure that we can identify the issue, and provide with a fix that will prevent samples like yours from being incorrectly classified.

L1 Bithead

Same here. TAC cases logged for batches of false positives. Also seeing an increase in wildfire-virus FP's. It's due to "signature collisions". The fix is not great. You must exempt the signatures that cause false positives. It's matching elements in a benign document and flagging those as malicious.

  • 3898 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!