I've double checked and we don't have any attack signature in staging.
The issue is that I don't understand the order, or precedence, of things -
Wildcard parameter setting is set to Ignore Value, but the settings of the specific URL are set to Check Attack Signatures, and there are many attack signatures which relates to the parameters section of the URL (example in screenshot).
Do you have the violation enabled in the blocking panel for this specific protection at URL Level? if the configuration is not the problem I recommend you open a support ticket, it could be a specific bug in your version.
The configuration you have is correct, in ASM and all modules more specific is equal to first processing, wildcard will never be processed if a parameter, URL, File Type, Header, Cookie, etc is first than this,