Forum Discussion

Aug 24, 2015

bad unescape false positive

Hi, ASM catches a false positive "bad unescape" attack for such a parameter; we need to bypass this signature on specific parameters and URLs, not in the whole security policy.

And what are the consequences if we disable it for the whole security policy?

 

1 Reply

  • "good unescape" is URL encoding - when an ASCII string is present in the format %00 - %FF, each byte is replaced with % followed by its hexadecimal value (see https://en.wikipedia.org/wiki/Percent-encoding)

    "bad unescape" is a string which uses a percent sign followed by two characters which are NOT 0-9 A-F. For example: %2R

    This is usually a sign of potential filter evasion and cross-site scripting attack attempts; however, it can also be a false positive. For example, someone's password could be "100%secure", so the "%se" in that password can be detected as "bad unescape".

    The best practice of course is to loosen the policy just on the URLs/fields where you are seeing false positives (which you are already doing). If you decide to disable blocking of this violation policy-wide, I would still advise keeping the "Alert" flag on.

     

    Hope this helps, Sam
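The classification Sam describes (a valid escape is % plus two hex digits; a "bad unescape" is % followed by two characters that are not both hex digits, e.g. %se in "100%secure"), together with the per-URL/per-parameter loosening and the block-versus-alert choice, as an added Python example. This is illustration code written for this thread, not F5 ASM's own logic; the request URL, the path, the parameter names and the `exemptions` set of (path, parameter) pairs are constructed assumptions. Lower-case hex digits are accepted as well, since percent-encoding is case-insensitive, and a % with fewer than two characters after it is reported separately as "truncated" (an assumption, since the post only defines the two-character case).

```python
import string
from urllib.parse import urlsplit

# 0-9, a-f, A-F: percent-encoding is case-insensitive, so both cases are valid.
HEX_DIGITS = set(string.hexdigits)


def classify_percent_sequences(value):
    """Walk a raw (still-encoded) parameter value and label every '%'.

    Returns a list of (kind, text) tuples, where kind is:
      'good'      - '%' followed by two hex digits (valid percent-encoding)
      'bad'       - '%' followed by two characters that are not both hex digits
      'truncated' - '%' with fewer than two characters after it (assumption:
                    reported separately rather than as 'bad')
    """
    findings = []
    i = 0
    while i < len(value):
        if value[i] != '%':
            i += 1
            continue
        pair = value[i + 1:i + 3]
        if len(pair) < 2:
            findings.append(('truncated', value[i:]))
            break
        if all(c in HEX_DIGITS for c in pair):
            findings.append(('good', value[i:i + 3]))
            i += 3  # the whole escape was consumed
        else:
            findings.append(('bad', value[i:i + 3]))
            i += 1  # only the '%' is consumed, so a '%' inside the pair is still examined
    return findings


def raw_query_params(query):
    """Split a query string WITHOUT decoding it (urllib's parsers would unescape it first)."""
    params = []
    for piece in query.split('&'):
        if not piece:
            continue
        name, _, raw_value = piece.partition('=')
        params.append((name, raw_value))
    return params


def check_request(url, exemptions=frozenset()):
    """Return {parameter: [bad sequences]} for every non-exempt parameter.

    exemptions is a set of (path, parameter_name) pairs, modelling a policy
    that has been loosened only on specific URLs/fields rather than globally.
    """
    parts = urlsplit(url)
    violations = {}
    for name, raw_value in raw_query_params(parts.query):
        if (parts.path, name) in exemptions:
            continue
        bad = [text for kind, text in classify_percent_sequences(raw_value) if kind == 'bad']
        if bad:
            violations[name] = bad
    return violations


def enforcement(violations, blocking=True):
    """'block', 'alert' (violation is logged but the request is allowed), or 'pass'."""
    if not violations:
        return 'pass'
    return 'block' if blocking else 'alert'


if __name__ == '__main__':
    # Constructed sample request (hypothetical host, path and parameters).
    sample = 'https://app.example.test/login?user=bob&pw=100%secure&next=%2Fhome'
    found = check_request(sample)
    print(found, enforcement(found, blocking=True))          # {'pw': ['%se']} block
    loosened = check_request(sample, exemptions={('/login', 'pw')})
    print(loosened, enforcement(loosened, blocking=True))    # {} pass
    print(enforcement(found, blocking=False))                # alert
```

The `next=%2Fhome` parameter passes because %2F is a valid escape, while the password field trips on %se; exempting only `('/login', 'pw')` clears the false positive without touching any other URL or field, which is the targeted loosening the reply recommends. Switching `blocking=False` models the policy-wide "Alert only" fallback: the finding is still surfaced, it just no longer blocks.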