Traps integrates with WildFire to gain access to its signature database and real-time analysis of potential malware. WildFire may classify a file as malware that the admin believes is benign, or vice versa. Depending on the WildFire policy settings in Traps, a malware verdict might trigger a notification or the termination of the suspected malware.
Resolution
If the malware detection is blocking a user's workflow and the admin is confident the file is benign, the admin can perform a manual override. This option is located under Policies > Malware > Hash Control. Select the hash in question, and then click the Allow button. The ESM will then always allow a file with this hash to run.
Administrators should report incorrect verdicts using the 'Report as Incorrect' button, located under Policies > Malware > Hash Control. Select the hash in question and then click the Report Incorrect Verdict button. This will flag the file for review. Administrators can submit their email addresses to receive the results of the investigation.
Information that helps the review process includes:
Results from VirusTotal or other malware verification services.