>
    PAN-OS & Panorama
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced Threat Prevention
    3. Configure Threat Prevention
    4. Create Threat Exceptions
    5. PAN-OS & Panorama
    Download PDF
    Advanced Threat Prevention

    PAN-OS

    Table of Contents

    PAN-OS & Panorama

    1. Exclude antivirus signatures from enforcement.
      While you can use an Antivirus profile to exclude antivirus signatures from enforcement, you cannot change the action the firewall enforces for a specific antivirus signature. However, you can define the action for the firewall to enforce for viruses found in different types of traffic by editing the Decoders (
      Objects
      Security Profiles
      Antivirus
      > <antivirus-profile> > Antivirus
      ).
      1. Select
        Objects
        Security Profiles
        Antivirus
        .
      2. Add
         or modify an existing Antivirus profile from which you want to exclude a threat signature and select
        Signature Exceptions
        .
      3. Add
         the
        Threat ID
         for the threat signature you want to exclude from enforcement.
      4. Click
        OK
         to save the Antivirus profile.
    2. Modify enforcement for vulnerability and spyware signatures (except DNS signatures; skip to the next option to modify enforcement for DNS signatures, which are a type of spyware signature).
      1. Select
        Objects
        Security Profiles
        Anti-Spyware
         or
        Objects
        Security Profiles
        Vulnerability Protection
        .
      2. Add
         or modify an existing Anti-Spyware or Vulnerability Protection profile from which you want to exclude the threat signature and then select either
        Signature Exceptions
         for Anti-Spyware Protection profiles or
        Exceptions
         for Vulnerability Protection profiles.
      3. Show all signatures
         and then filter to select the signature for which you want to modify enforcement rules.
      4. Check the box under the
        Enable
         column for the signature whose enforcement you want to modify.
      5. Select the
        Action
         you want the firewall to enforce for this threat signature.
        For signatures that you want to exclude from enforcement because they trigger false positives, set the
        Action
         to
        Allow
        .
      6. Click
        OK
         to save your new or modified Anti-Spyware or Vulnerability Protection profile.
    3. Modify enforcement for DNS signatures.
      By default, the DNS lookups to malicious hostnames that DNS signatures are detect are sinkholed.
      1. Select
        Objects
        Security Profiles
        Anti-Spyware
        .
      2. Add
         or modify the Anti-Spyware profile from which you want to exclude the threat signature, and select
        DNS Exceptions
        .
      3. Search for the DNS Threat ID for the DNS signature that you want to exclude from enforcement and select the box of the applicable signature:
      4. Click
        OK
         to save your new or modified Anti-Spyware profile.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.