topic Re: Antivirus Security Profile Exception in General Topics

Antivirus Security Profile Exception

JohnPa — Fri, 13 Feb 2015 16:37:48 GMT

I want to create an exception action for a specific antivirus ID (which happens to be outbound traffic). The default action is “alert” and I want this one ID to be “drop”. This is possible for the spyware and vulnerability profiles, but my problem is that it looks like the antivirus security profile exceptions are ONLY “allow”. How can I configure the PA to “drop” only one specific antivirus-ID?

Re: Antivirus Security Profile Exception

hyadavalli — Fri, 13 Feb 2015 17:03:11 GMT

Hello John,

As far as I know you can do an exception based on application and specify whatever action you want but not specific to an ID for antivirus profile.

Regards,

Hari Yadavalli

Re: Antivirus Security Profile Exception

JohnPa — Fri, 13 Feb 2015 17:08:58 GMT

Yes, I think I can specify an action for an entire "application" that registers any virus, but that is very broad and this would cover ALL virus-signatures for all SMTP traffic (In this case) and I don’t really want to do that. Is there any way to apply finer granularity to it?