https://live.paloaltonetworks.com/t5/general-topics/wildfire-file-exceptions/m-p/19970#M14548 <HTML><HEAD></HEAD><BODY><P><A href="https://live.paloaltonetworks.com/u1/19491">HULK</A> thank you for the information.&nbsp; From what I am seeing in the threat logs, the ID is unique to each exception, and cannot possibly capture each one in a single exception.&nbsp; Can you provide a bit more detail on the Threat ID, to ensure I am looking at the right information?</P><P></P><P>Thanks</P></BODY></HTML> Thu, 22 Aug 2013 12:22:27 GMT jholmes 2013-08-22T12:22:27Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-file-exceptions/m-p/19968#M14546 <HTML><HEAD></HEAD><BODY><P>Hey everyone, sorry if this was posted before and missed it in searching.</P><P></P><P>I am receiving an enormous number of alerts from Wildfire, due to an internal application that our desktop engineering created.&nbsp; Its more or less is just an exe that creates short cuts to our internal HR portal, which Wildfire believes to be malware.</P><P></P><P>What I am looking for is a way that I can still continue to send up all PE files to Wildfire, but create an exception list of items that are known to be good, or can be flagged as benign like a trusted file.&nbsp; I am sure that I will run across this more and more, as we do a lot of custom packaging in our environment.</P><P></P><P>Any help would be appreciated.</P><P></P><P>Thanks</P><P>Jeremy</P></BODY></HTML> Wed, 21 Aug 2013 18:38:03 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-file-exceptions/m-p/19968#M14546 jholmes 2013-08-21T18:38:03Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-file-exceptions/m-p/19969#M14547 <HTML><HEAD></HEAD><BODY><P>HI,</P><P></P><P>Please collect&nbsp; threat ID from the PA firewall logs, which is generated by the PA due to that EXE file and PA firewall believes as a malware. </P><P></P><P>1. Put that ID and search under "Exceptions" TAB</P><P>2.&nbsp; Set appropriate action for it.</P><P>3. OK and commit the changes.</P><P></P><P>Example: <A href="https://live.paloaltonetworks.com/message/26273">Re: Adding Threat Exceptions</A></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <A href="https://live.paloaltonetworks.com/message/12408">Still no way to set SPECIFIC threat exceptions???</A></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <A href="https://live.paloaltonetworks.com/message/20826">Re: Threat exception for selected hosts</A></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <A href="https://live.paloaltonetworks.com/message/26494">Do I Understand Profile Exceptions?</A></P><P>For more info about wildfire, please follow below mentioned <SPAN class="GINGER_SOFATWARE_correct">document</SPAN>.</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-3094">Threat Prevention Deployment Tech Note</A></P><P></P><P>Thanks</P></BODY></HTML> Thu, 22 Aug 2013 01:24:01 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-file-exceptions/m-p/19969#M14547 HULK 2013-08-22T01:24:01Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-file-exceptions/m-p/19970#M14548 <HTML><HEAD></HEAD><BODY><P><A href="https://live.paloaltonetworks.com/u1/19491">HULK</A> thank you for the information.&nbsp; From what I am seeing in the threat logs, the ID is unique to each exception, and cannot possibly capture each one in a single exception.&nbsp; Can you provide a bit more detail on the Threat ID, to ensure I am looking at the right information?</P><P></P><P>Thanks</P></BODY></HTML> Thu, 22 Aug 2013 12:22:27 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-file-exceptions/m-p/19970#M14548 jholmes 2013-08-22T12:22:27Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-file-exceptions/m-p/19971#M14549 <HTML><HEAD></HEAD><BODY><P>Here is what I ended up doing to fix my situation.</P><P></P><P>1. Created an Address Group for my app deployment servers that were deploying the app.</P><P>2. Created 2 security rules in the "Pre" device rules, 1 rule for the app deployment servers as a source and 2nd rule as the app deployment servers as the destinations.</P><P>3. Did not associate the rules to a File Blocking profile, so no files coming from these servers get forwarded to Wildfire.</P><P></P><P>This seems to be working like a charm, and no further alerts.</P></BODY></HTML> Mon, 09 Sep 2013 15:48:56 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-file-exceptions/m-p/19971#M14549 jholmes 2013-09-09T15:48:56Z