End-of-Life (EoL)
Antivirus Profiles
Antivirus profiles protect against viruses, worms, and
trojans as well as spyware downloads. Using a stream-based malware
prevention engine, which inspects traffic the moment the first packet
is received, the Palo Alto Networks antivirus solution can provide
protection for clients without significantly impacting the performance
of the firewall. This profile scans for a wide variety of malware
in executables and PDF files, and for HTML and JavaScript viruses. It
also supports scanning inside compressed files and data encoding schemes.
If you have enabled Decryption on
the firewall, the profile also enables scanning of decrypted content.
The default profile inspects all of the listed protocol decoders
for viruses, and generates alerts for SMTP, IMAP, and POP3 protocols
while blocking for FTP, HTTP, and SMB protocols. You can configure
the action for a decoder or Antivirus signature and specify how
the firewall responds to a threat event:
Action | Description |
---|---|
Default | For each threat signature and Antivirus signature that is defined by Palo Alto Networks, a default action is specified internally. Typically, the default action is an alert or a reset-both. The default action is displayed in parentheses, for example default (alert), in the threat or Antivirus signature. |
Allow | Permits the application traffic. |
Alert | Generates an alert for each application traffic flow. The alert is saved in the threat log. |
Drop | Drops the application traffic. |
Reset Client | For TCP, resets the client-side connection. For UDP, drops the connection. |
Reset Server | For TCP, resets the server-side connection. For UDP, drops the connection. |
Reset Both | For TCP, resets the connection on both client and server ends. For UDP, drops the connection. |
Customized profiles can be used to minimize antivirus inspection
for traffic between trusted security zones, and to maximize the
inspection of traffic received from untrusted zones, such as the
internet, as well as the traffic sent to highly sensitive destinations,
such as server farms.
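The following added example (not Palo Alto Networks code) audits which decoders end up with a non-blocking action on rules that face untrusted zones or sensitive destinations, resolving "default" to the per-decoder behavior described above. The rule and profile dictionaries, zone names, and the use of reset-both to stand for "blocking" are assumptions made for illustration, not a PAN-OS export format.

```python
# Added example. Data shapes and names are hypothetical, not a PAN-OS format.
BLOCKING = {"drop", "reset-client", "reset-server", "reset-both"}

# Default-profile behaviour per decoder as described on the page.
# Assumption: "blocking" is represented here as reset-both.
DEFAULT_ACTION = {
    "smtp": "alert", "imap": "alert", "pop3": "alert",
    "ftp": "reset-both", "http": "reset-both", "smb": "reset-both",
}

def effective_action(decoder, configured):
    """Resolve an unset or 'default' action to the decoder's default."""
    if configured in (None, "default"):
        return DEFAULT_ACTION[decoder]
    return configured

def audit(rules, profiles, untrusted, sensitive):
    """Return (rule, decoder, action) for each non-blocking decoder on rules
    that take traffic from an untrusted zone or send it to a sensitive one."""
    findings = []
    for rule in rules:
        if rule["from"] not in untrusted and rule["to"] not in sensitive:
            continue
        profile = profiles.get(rule.get("av_profile"))
        if profile is None:  # no Antivirus profile attached at all
            findings.append((rule["name"], "*", "no-profile"))
            continue
        for decoder in sorted(DEFAULT_ACTION):
            action = effective_action(decoder, profile.get(decoder))
            if action not in BLOCKING:
                findings.append((rule["name"], decoder, action))
    return findings

# Constructed sample data.
PROFILES = {
    "default": {},
    "strict": {d: "reset-both" for d in DEFAULT_ACTION},
    "relaxed": {"http": "alert", "smb": "allow", "smtp": "drop"},
}
RULES = [
    {"name": "inet-in", "from": "untrust", "to": "dmz", "av_profile": "default"},
    {"name": "inet-dmz", "from": "untrust", "to": "dmz", "av_profile": "strict"},
    {"name": "lan-lan", "from": "trust", "to": "trust", "av_profile": "relaxed"},
    {"name": "lan-srv", "from": "trust", "to": "servers", "av_profile": "relaxed"},
    {"name": "vpn-in", "from": "untrust", "to": "trust"},
]

if __name__ == "__main__":
    for finding in audit(RULES, PROFILES, {"untrust"}, {"servers"}):
        print(*finding)
```

On the sample data, the rule using the default profile is flagged for SMTP, IMAP, and POP3, because the default profile only alerts on those decoders.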
The Palo Alto Networks WildFire system also provides signatures
for persistent threats that are more evasive and have not yet been
discovered by other antivirus solutions. As threats are discovered
by WildFire, signatures are quickly created and then integrated
into the standard Antivirus signatures that can be downloaded by Threat
Prevention subscribers on a daily basis (sub-hourly for WildFire
subscribers).