Tuning Inspection Policy elements to eliminate false positives
False positives are matches to rules and exceptions in Inspection Policy elements that are incorrect or irrelevant in your environment.
As the Inspection rules and exceptions are matched to traffic, there are always some false positives. By tuning the Inspection Policy element to the actual traffic and applications in your network environment, you can greatly increase the relevance of inspection results. To eliminate a false positive, adjust either the Inspection Rules tree or the Exception rules, depending on whether the change should apply globally or only to traffic between specific hosts. An easy way to create new Exceptions is to use an existing log entry as the basis: you can create Exceptions through the right-click menu of log entries.