Palo Alto Networks defines a recommended default action (such
as block or alert) for threat signatures. You can use a threat ID
to exclude a threat signature from enforcement or modify the action
that is enforced for that threat signature. For example, you can
modify the action for threat signatures that are triggering false
positives on your network.
Configure threat exceptions for antivirus, vulnerability, spyware,
and DNS signatures to change enforcement for a threat. However,
before you begin, make sure the threats are being properly detected
and enforced based on the default or best practice signature settings
for an optimum security posture: