topic Higher gainer low threat in General Topics

Higher gainer low threat

jdprovine — Tue, 05 May 2015 17:59:22 GMT

If you have an app that is being seen a lot in the logs but has a low rating and is skewing you results is it possible to exclude it from the threat prevention analysis?

Re: Higher gainer low threat

gwesson — Tue, 05 May 2015 21:02:15 GMT

You could always configure a special security rule for that application, and don't assign a security profile to it. It would need to be above any more generic rule that application would match, to prevent it from getting hit by the wrong rule.

Policies > Security > Add

Configure the application to be the one you don't want to get details on

Do not select any profiles (unless you still want to do virus scanning, etc.)

Select logging as desired (none, or the default of log at session end)

-Greg Wesson

Re: Higher gainer low threat

jdprovine — Wed, 06 May 2015 12:31:16 GMT

Interested thought, it has and exceptions list but it does not seem to mean it is not letting it through but allowing a different actions than the original rule but ignoring it isn't an options