Focus

Create Threat Exceptions

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

Threat Signature Categories

Custom Signatures

Create Threat Exceptions

Palo Alto Networks defines a recommended default action (such as block or alert) for threat signatures. You can use a threat ID to exclude a threat signature from enforcement or modify the action the firewall enforces for that threat signature. For example, you can modify the action for threat signatures that are triggering false positives on your network.

Configure threat exceptions for antivirus, vulnerability, spyware, and DNS signatures to change firewall enforcement for a threat. However, before you begin, make sure the firewall is detecting and enforcing threats based on the default signature settings:

Get the latest Antivirus, Threats and Applications, and WildFire signature updates.

Set Up Antivirus, Anti-Spyware, and Vulnerability Protection and apply these security profiles to your security policy.

Exclude antivirus signatures from enforcement.

While you can use an Antivirus profile to exclude antivirus signatures from enforcement, you cannot change the action the firewall enforces for a specific antivirus signature. However, you can define the action for the firewall to enforce for viruses found in different types of traffic by editing the Decoders (

Objects

Security Profiles

Antivirus

> <antivirus-profile> > Antivirus

Select

Objects

Security Profiles

Antivirus

Add

or modify an existing Antivirus profile from which you want to exclude a threat signature and select

Signature Exceptions

Add

the

Threat ID

for the threat signature you want to exclude from enforcement.

Click

to save the Antivirus profile.

Modify enforcement for vulnerability and spyware signatures (except DNS signatures; skip to the next option to modify enforcement for DNS signatures, which are a type of spyware signature).

Select

Objects

Security Profiles

Anti-Spyware

Objects

Security Profiles

Vulnerability Protection

Add

or modify an existing Anti-Spyware or Vulnerability Protection profile from which you want to exclude the threat signature and then select either

Signature Exceptions

for Anti-Spyware Protection profiles or

Exceptions

for Vulnerability Protection profiles.

Show all signatures

and then filter to select the signature for which you want to modify enforcement rules.

Check the box under the

Enable

column for the signature whose enforcement you want to modify.

Select the

Action

you want the firewall to enforce for this threat signature.

For signatures that you want to exclude from enforcement because they trigger false positives, set the

Action

Allow

Click

to save your new or modified Anti-Spyware or Vulnerability Protection profile.

Modify enforcement for DNS signatures.

By default, the DNS lookups to malicious hostnames that DNS signatures are detect are sinkholed.

Select

Objects

Security Profiles

Anti-Spyware

Add

or modify the Anti-Spyware profile from which you want to exclude the threat signature, and select

DNS Exceptions

Search for the DNS Threat ID for the DNS signature that you want to exclude from enforcement and select the box of the applicable signature:

Click

to save your new or modified Anti-Spyware profile.

Threat Signature Categories

Custom Signatures

Next-Generation Firewall Docs

Create Threat Exceptions

Next-Generation Firewall Docs

Create Threat Exceptions

Recommended For You

Activation and Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner