https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44674#M32791 <HTML><HEAD></HEAD><BODY><P>Support mechanism of PANW is rather simple - contact your reseller as he probably is your first line of support.</P></BODY></HTML> Wed, 18 Jun 2014 15:05:28 GMT Retired Member 2014-06-18T15:05:28Z https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44666#M32783 <HTML><HEAD></HEAD><BODY><P>We have a bunch of files that we created that we need to upload via ftp to a remote server through the PA. </P><P></P><P>The files trip the virus detector in the PA.&nbsp; Here's a syslog entry with some identifying information changed:</P><P></P><P>2014-06-16T15:22:31+10:00 10.84.1.33 [user warning] 22:31,000XXXXXXX,THREAT,virus,1,2014/06/16 15:22:25,10.84.20.250,50.28.93.0,0.0.0.0,0.0.0.0,I2E-ftp-rule-ftp,,,ftp,vsys1,Interior,External,ethernet1/2,ethernet1/1,mylog,2014/06/16 15:22:30,41521,1,36871,32182,0,0,0x0,tcp,deny,"myfile-06.06.0000-Beta-win64.exe",Virus/Win32.WGeneric.cpfjf(2455553),any,medium,client-to-server,236674,0x0,10.0.0.0-10.255.255.255,United States,0,</P><P></P><P>I scanned these files with several AV programs including clamav and I was able to upload it to virustotal (through the PA!) where it scanned completely clean.</P><P></P><P>If I turn off virus checking on our ftp rule then someone may be able to download files with viruses so I don't want to do that but we need these files uploaded.</P><P></P><P>How to do that?</P></BODY></HTML> Mon, 16 Jun 2014 06:31:14 GMT https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44666#M32783 gmoss 2014-06-16T06:31:14Z https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44667#M32784 <HTML><HEAD></HEAD><BODY><P>Hello <A href="https://live.paloaltonetworks.com/u1/14296">gmoss</A>,</P><P></P><P>Instead turning off the AV scan for the entire rule, you can put a threat exception for that Threat ID (2455553) in the relevant AV profile. </P><P></P><P>Here is a document that explains the same:</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-3699">How to Add a Threat Exceptions</A></P><P></P><P></P><P>Or you can also exempt the IP addresses for that threat, so that exception is applied to a particular set of source and destination IP addresses. This is&nbsp; more granular approach than the previous one:</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-5235">How To Add Exempt IP Addresses From the Threat Monitor Logs</A></P><P></P><P>Hope that helps.</P><P></P><P></P><P></P><P>Thanks and regards,</P><P>Kunal Adak</P></BODY></HTML> Mon, 16 Jun 2014 15:01:13 GMT https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44667#M32784 kadak 2014-06-16T15:01:13Z https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44668#M32785 <HTML><HEAD></HEAD><BODY><P>Adding a threat exception means that if we ever get one of those we wouldn't be protected.</P><P></P><P>I want to be able to upload OK but have files tested on download.</P><P></P><P>Your answer, while helpful, doesn't answer the problem that we created these files and no-one else could find a virus in them. </P><P></P><P>I tried the "how to add exempt ip addresses" but it didn't work.&nbsp; I never get anything in the lower boxes and I never get an add button.</P><P></P><P>I created a new AV profile for this rule with this virus exempted from the list.&nbsp; But as I said, this won't protect us in the case someone tries to download a file that really has this virus.</P></BODY></HTML> Tue, 17 Jun 2014 00:52:49 GMT https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44668#M32785 gmoss 2014-06-17T00:52:49Z https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44669#M32786 <HTML><HEAD></HEAD><BODY><P>Hello Gmoss,</P><P></P><P>Yes, you are correct. If you add<SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"> a threat exception, that means, for the time being you&nbsp; wouldn't be protected. But, you always have an option to open a support case and provide detail information to modify the database in future release. </SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><BR /></SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">Secondly, there is no option to add exempt ip address on "Anti-Virus" profile. That option is avilable for "Vulnerability-profile".</SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><BR /></SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">FYI:</SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><IMG alt="antivirus.JPG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13956_antivirus.JPG" style="height: 400px; width: 620px;" /><BR /></SPAN></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Tue, 17 Jun 2014 02:29:32 GMT https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44669#M32786 HULK 2014-06-17T02:29:32Z https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44670#M32787 <HTML><HEAD></HEAD><BODY><P>It'd be good to open a support case but how do I do that?&nbsp; Every time I use this site everything has changed.&nbsp; When I try and make a support case I get redirected to salesforce.com and I have no login there.</P></BODY></HTML> Wed, 18 Jun 2014 01:41:52 GMT https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44670#M32787 gmoss 2014-06-18T01:41:52Z https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44671#M32788 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">Hello Gmoss,</SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><BR /></SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">If you have a valid support contact with PAN ,Please login into <A href="https://support.paloaltonetworks.com/" title="https://support.paloaltonetworks.com/">https://support.paloaltonetworks.com/</A> and go to Case-Management. There you can create a&nbsp; new support case.</SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 10pt; line-height: 1.5em;">OR</SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><SPAN>Please drop an email to </SPAN><A class="jive-link-email-small" href="mailto:support@paloaltonetworks.com">support@paloaltonetworks.com</A><SPAN>.</SPAN></SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><BR /></SPAN></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">Thanks<BR /></SPAN></P></BODY></HTML> Wed, 18 Jun 2014 01:50:23 GMT https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44671#M32788 HULK 2014-06-18T01:50:23Z https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44672#M32789 <HTML><HEAD></HEAD><BODY><P>Like I said when I go there and click on case management I get redirected to a salesforce.com login page.&nbsp; I have no idea what to do then&nbsp; I have no salesforce login.</P><P></P><P>I finally got the redirect to work but I can't apparently log a case because my support has to go through another company.</P></BODY></HTML> Wed, 18 Jun 2014 02:54:42 GMT https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44672#M32789 gmoss 2014-06-18T02:54:42Z https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44673#M32790 <HTML><HEAD></HEAD><BODY><P>When you click on the Case Management link, you should be taken to the following page.</P><P><IMG alt="2014-06-18_07-42-09.png" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13999_2014-06-18_07-42-09.png" style="height: 199px; width: 620px;" /></P><P>Click on the New Case button to open a case.</P><P></P><P>If you still encounter issues, open a case by calling Support.&nbsp; Refer to <A href="https://www.paloaltonetworks.com/company/contact-us.html" title="https://www.paloaltonetworks.com/company/contact-us.html">Contact Us</A> for Support phone numbers.</P></BODY></HTML> Wed, 18 Jun 2014 14:47:10 GMT https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44673#M32790 panagent 2014-06-18T14:47:10Z https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44674#M32791 <HTML><HEAD></HEAD><BODY><P>Support mechanism of PANW is rather simple - contact your reseller as he probably is your first line of support.</P></BODY></HTML> Wed, 18 Jun 2014 15:05:28 GMT https://live.paloaltonetworks.com/t5/general-topics/pa500-says-virus-virus-total-says-no/m-p/44674#M32791 Retired Member 2014-06-18T15:05:28Z