Security Profile: Antivirus
Focus
Focus
Network Security

Security Profile: Antivirus

Table of Contents

Security Profile: Antivirus

Where Can I Use This?
What Do I Need?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS & Panorama Managed)
  • Prisma Access (Cloud Managed)
  • Prisma Access (Panorama Managed)
Check for any license or role requirements for the products you're using.
Antivirus profiles protect against viruses, worms, and trojans as well as spyware downloads. Using a stream-based malware prevention engine, which inspects traffic the moment the first packet is received, the Palo Alto Networks antivirus solution can provide protection for clients without significantly impacting the performance. This profile scans for a wide variety of malware in executables, PDF files, HTML and JavaScript viruses, including support for scanning inside compressed files and data encoding schemes. If you have enabled decryption, the profile also enables scanning of decrypted content.
To configure any Security Profile, go to:
  • Manage
    Configuration
    NGFW and Prisma Access
    Security Services
    on Cloud Managed deployments.
  • Objects
    Security Profiles
    on PAN-OS and Panorama Managed deployments.
The default profile inspects all of the listed protocol decoders for viruses, and generates alerts for SMTP, IMAP, and POP3 protocols while blocking for FTP, HTTP, and SMB protocols. You can configure the action for a decoder or Antivirus signature and specify how to respond to a threat event:
  • Default
    —For each threat signature and Antivirus signature that is defined by Palo Alto Networks, a default action is specified internally. Typically, the default action is an alert or a reset-both. The default action is displayed in parenthesis, for example default (alert) in the threat or Antivirus signature.
  • Allow
    —Permits the application traffic.
    The
    Allow
    action does not generate logs related to the signatures or profiles.
  • Alert
    —Generates an alert for each application traffic flow. The alert is saved in the threat log.
  • Drop
    —Drops the application traffic.
  • Reset Client
    —For TCP, resets the client-side connection. For UDP, drops the connection.
  • Reset Server
    —For TCP, resets the server-side connection. For UDP, drops the connection.
  • Reset Both
    —For TCP, resets the connection on both client and server ends. For UDP, drops the connection.
Customized profiles can be used to minimize antivirus inspection for traffic between trusted security zones, and to maximize the inspection of traffic received from untrusted zones, such as the internet, as well as the traffic sent to highly sensitive destinations, such as server farms.
The Palo Alto Networks WildFire system also provides signatures for persistent threats that are more evasive and have not yet been discovered by other antivirus solutions. As threats are discovered by WildFire, signatures are quickly created and then integrated into the standard Antivirus signatures that can be downloaded by Threat Prevention subscribers on a daily basis (sub-hourly for WildFire subscribers).

Recommended For You