How To Report Incorrect WildFire Verdict (virus false positive or false negative)

How To Report Incorrect WildFire Verdict (virus false positive or false negative)

74297
Created On 09/27/18 06:50 AM - Last Modified 03/12/25 03:36 AM


Objective


How to Report Incorrect False Positive or False Negative received for Wildfire Sample

Environment


  • WildFire services enabled

Procedure


You can quickly report these without opening a Support Cases from methods below:

 


Submit from the WildFire Portal


submit request via WildFire portal
 
  1. Go to the WildFire portal you are using: Global, CA, EU, UK, JP, SG, DE, IN, or AU
  2. Find the sample you wanted to change verdict for and click on the details so you can access the WildFire report
  3. Scroll down to the bottom of the page to follow the link to report an incorrect verdict
  4. Fill in the Verdict Change Request with a suggestion of a new verdict, your contact email, and a short explanation why you believe this verdict is incorrect. After the manual review is completed, a report will be sent to the email address you used here.
 


Submit from Panorama and Firewall

submit request via Panorama or Firewall
  1. Log into Panorama or Firewall, and go to Monitor > WildFire Submissions
  2. Find the log of the sample for which you want to change verdict and click on the icon to open detailed log view 
  3. Scroll down to the bottom of the WildFire Analysis Report and click “report an incorrect verdict” to find a new pop-up window
  4. Fill in the Verdict Change Request with a suggestion of a new verdict, your contact email, and a short explanation why you believe this verdict is incorrect. After the manual review is completed, a report will be sent to the email address you used here.
 


Submit from the Strata Cloud Manager





   

  1. Log into Hub, and go to Strata Cloud Manager > Monitor > IoC search
  2. Enter the file hash value which you want to change verdict on the top of the UI and search it
  3. Go to WildFire Analysis tab and select "Request for Verdict Change" if it appears in File Analysis Overview section
  4. Fill in the Verdict Change Request with a suggestion of a new verdict, your contact email, and a short explanation why you believe this verdict is incorrect. After the manual review is completed, a report will be sent to the email address you used here.
 


Submit from Cortex XDR/XSIAM

submit request via Cortex XDR portal
  1. Log into Cortex XDR/XSIAM; in the Incident with a wrong verdict for a sample
  2. Open detailed WildFire Analysis Report for the sample with the wrong verdict,
  3. Use a button “Report Verdict as Incorrect” to open a new menu
  4. Fill in the Verdict Change Request with a suggestion of a new verdict, your contact email, and a short explanation why you believe this verdict is incorrect. After the manual review is completed, a report will be sent to the email address you used here.

Additional Information


How To Provide Evidence Of An Incorrect WildFire Verdict From VirusTotal
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm7KCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language