Set Up Antivirus, Anti-Spyware, and Vulnerability Protection (Cloud Management)

1. Use the credentials associated with your Palo Alto Networks support account and log in to the Strata Cloud Manager on the hub.
   The Threat Prevention subscription bundles the antivirus, anti-spyware, and vulnerability protection features in one license and is part of your Prisma Access subscription. For information about the applications and services offered with Prisma Access, refer to All Available Apps and Services. To verify subscriptions for which you have currently-active licenses, Check What’s Supported With Your License.
2. (Optional) Create custom security profiles for antivirus, anti-spyware, and vulnerability protection.
   Alternatively, you can use the predefined Best-Practice profiles.

   Transition safely to best practice Security profiles for the best security posture.

   • To create custom WildFire and Antivirus Profiles, select ManageConfigurationNGFW and Prisma AccessSecurity ServicesWildFire and Antivirus and Add Profile. Use the Antivirus profile transition steps to safely reach your goal.
   • To create custom Anti-Spyware Profiles, select ManageConfigurationNGFW and Prisma AccessSecurity ServicesAnti-Spyware and Add Profile. Use the Anti-Spyware profile transition steps to safely reach your goal.
   • To create custom Vulnerability Protection Profiles, select ManageConfigurationNGFW and Prisma AccessSecurity ServicesVulnerability Protection and Add Profile. Use the Vulnerability Protection profile transition steps to safely reach your goal.
3. Attach security profiles to your Security Policy Rules. Prisma Access enforces best practice security policy rules by default.
   When you configure a Security policy rule that uses a Vulnerability Protection profile to block connections when exploits or attempts to gain unauthorized access are detected, Prisma Access automatically blocks that traffic and logs those incidents (see Monitor Blocked IP Addresses).
   1. Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity Policy and select the rule you want to modify or Add Rule.
   2. In Action and Advanced Inspection, select the Profile Group and that includes the following security profiles: WildFire and Antivirus, Anti-Spyware, and Vulnerability Protection.
      You can create new Profile groups in ManageConfigurationNGFW and Prisma AccessSecurity ServicesProfile Groups. For more information, refer to Enable a Security Profile.

      By default, the best-practice profile group is enabled with the best-practice configuration for all available security profiles.

4. Commit your changes.