Palo Alto Networks Knowledgebase: What is a signature collision?

What is a signature collision?

Created On 09/26/18 19:13 PM - Last Updated 09/26/18 20:38 PM
Categories:  WildFire


What is a signature collision?


It is possible to occassionally see an anti-virus or Wildfire anti-virus signature triggering on a sample that has never been submitted to Wildfire, and is not malicious. This is due to the fact that the sample may contain similar patterns, in a similar structure, to a sample that a signature was generated for. When this occurs, this is known as a signature collision. 


Signatures in which non-malicious samples are colliding can either have an exception created for them (Reference "Antivirus Exceptions"), or they can be escalated to Palo Alto Networks support following the instructions in How to submit an Anti-Virus false positive.


  • Print
  • Copy Link

Change Language: