Usually its a matter of looking at the security events in the Security Centre in the Meraki Dashboard, and then whitelisting those IPS signatures.
Of course, you first have to satisfy yourself that the alerts are false and the PDFs don't actually contain a threat.