WildFire may occasionally produce incorrect verdicts. These are either false positives, such as a file deemed "malware" when it is "benign," or false negatives, such as a file deemed "benign" when it is "malware."
If the verdict needs to be reconsidered by Palo Alto Networks, Aperture administrators can request a verdict change from within their Aperture Portal.
Environment
Cause
Resolution
Follow the steps listed below to submit a WildFire verdict change request on a malware policy violation:
Access the Aperture Portal.
In the portal, click the INCIDENTS > Assets tab.
Select the malware file violation by clicking the file name.
Under Risks, click View WildFire Report (not pictured).
Click Report Incorrect Verdict.
Select Suggested Verdict from the dropdown.
Enter a valid email address (status update notifications will be sent to this email alias).
Enter additional comments or details (optional).
Click Submit.
Once the report is successfully submitted, the request will be analyzed by the WildFire team. After the analysis is complete, the administrator who made the request will be notified by email and the status will be updated in the Aperture Portal.