While you can use an WildFire and Antivirus profile
to exclude antivirus signatures from enforcement, you cannot change
the action is enforced for a specific antivirus signature. However,
you can define the enforceable action when viruses are found in
different types of traffic by editing the security profile
Enforcement Actions
.
Select
Manage
Configuration
NGFW and
Prisma Access
Security Services
WildFire and Antivirus
.
Add Profile
or select an existing
WildFire and Antivirus profile from which you want to exclude a
threat signature and go to the
Advanced Settings
tab.
From the
Signature Exceptions
menu,
Add
Exception
and provide the
Threat ID
for
the threat signature you want to exclude from enforcement. You can
optionally add notes to the signature exception.
Save
the signature exception
when you are finished.
A valid threat signature ID auto-populates the threat
name field. You can view a complete list of active signature exceptions
as well as
Delete
entries that are no longer
necessary.
Repeat to add additional exceptions or click
Save
after
all of your threat exceptions have been added.
Modify enforcement for vulnerability and spyware signatures (except DNS
signatures; while they are a type of spyware signature, DNS signatures are
handled through the DNS Security subscription in
Prisma Access
).
Select
Manage
Configuration
NGFW and
Prisma Access
Security Services
Anti-Spyware
or
Manage
Configuration
NGFW and
Prisma Access
Security Services
Vulnerability Protection
, depending upon the signature type.
Add Profile
or select an existing Anti-Spyware
or Vulnerability Protection profile from which you want to modify the
signature enforcement, and then select
Add
Override
.
Search for spyware or vulnerability signatures by providing the
relevant
Match Criteria
. This automatically
filters the available signatures and displays the results in the
Matching Signatures
section.
Select the check box for the signature(s) whose enforcement you want to
modify.
Provide the updated
Action
,
Packet
Capture
, and
IP Addresses
that
you want the modified enforcement rules to apply to for the selected
signatures.