https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-protection/m-p/147112#M49319 <P>Hi,</P><P>I've made a custum VP and included into my VP group. In security policy I have applied the standard one (NOT my personal VP) to a security policy but when I go in monitor threat I see that matched also the custom VP. Why??</P> Fri, 10 Mar 2017 16:31:00 GMT s_quasar 2017-03-10T16:31:00Z https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-protection/m-p/147112#M49319 <P>Hi,</P><P>I've made a custum VP and included into my VP group. In security policy I have applied the standard one (NOT my personal VP) to a security policy but when I go in monitor threat I see that matched also the custom VP. Why??</P> Fri, 10 Mar 2017 16:31:00 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-protection/m-p/147112#M49319 s_quasar 2017-03-10T16:31:00Z https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-protection/m-p/147349#M49365 <P>I guess you've set flags for your custom VP in a way that some rule in general (default) protection profile matches them.</P> Mon, 13 Mar 2017 07:38:35 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-protection/m-p/147349#M49365 santonic 2017-03-13T07:38:35Z https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-protection/m-p/147370#M49380 <P>a custom vulnerability works pretty much the same way as a custom URL category: it automatically gets added to all Vulnerability profiles.</P> <P>If you only want a specific profile to enforce upon it, you should set the default action of the custom vulnerability&nbsp;to alert (no action) or allow (no action + no logging) and then manually set an action (drop, reset ,..) in the profile you want to use for enforcement.</P> <P>&nbsp;</P> Mon, 13 Mar 2017 09:02:54 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-protection/m-p/147370#M49380 reaper 2017-03-13T09:02:54Z