topic Re: Antivirus Policy - Action based on Severity Level in General Topics https://live.paloaltonetworks.com/t5/general-topics/antivirus-policy-action-based-on-severity-level/m-p/358621#M87900 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/126353">@Matko-DoJ</a>,</P> <P>So first and foremost, I would recommend upgrading to the latest antivirus content update. 3509-4020 was giving us a lot of false positives that were reported to PAN, with 3510-4021 which was pushed out yesterday those issues have gone away with signature updates to address the false-positive reports.</P> <P>Second, I would always recommend reporting false-positives over lowering your security posture. You can temporarily exclude virus exceptions where you actually need to due to false-positives until they get updated, but I wouldn't just lower my security due to them. Exclude the threat IDs causing a problem and report them to TAC so the signatures can get updated.</P> <P>&nbsp;</P> <P>Now to your direct question, this would be a feature request that you raise with your SE. I'm not aware of a feature request already being present for this feature, but if there was one it's your SE's job to find it so they can add your vote to it or create a new request.&nbsp;</P> Sat, 24 Oct 2020 17:00:47 GMT BPry 2020-10-24T17:00:47Z Antivirus Policy - Action based on Severity Level https://live.paloaltonetworks.com/t5/general-topics/antivirus-policy-action-based-on-severity-level/m-p/358361#M87874 <P>Hey All,</P><P>we have Antivirus policy in place and we are seeing many, what we believe are, false positives. Mostly on PDF files. Since number is rather high, reporting each one seems a bit excessive. What they all have in common is their severity which is MEDIUM.<BR />With that said, our approach would be to deny only HIGH and CRITICAL severity event and allow the rest.<BR /><BR />The problem is I can't find the option to block viruses based on Severity Level (the same option exists for AntiSpyware for example). And virus severity level is clearly visible in Threat Logs.<BR /><BR />Would this qualify as a Feature Request or is it already available ?<BR /><BR />Thanks!</P> Fri, 23 Oct 2020 08:54:28 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-policy-action-based-on-severity-level/m-p/358361#M87874 Matko-DoJ 2020-10-23T08:54:28Z Re: Antivirus Policy - Action based on Severity Level https://live.paloaltonetworks.com/t5/general-topics/antivirus-policy-action-based-on-severity-level/m-p/358621#M87900 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/126353">@Matko-DoJ</a>,</P> <P>So first and foremost, I would recommend upgrading to the latest antivirus content update. 3509-4020 was giving us a lot of false positives that were reported to PAN, with 3510-4021 which was pushed out yesterday those issues have gone away with signature updates to address the false-positive reports.</P> <P>Second, I would always recommend reporting false-positives over lowering your security posture. You can temporarily exclude virus exceptions where you actually need to due to false-positives until they get updated, but I wouldn't just lower my security due to them. Exclude the threat IDs causing a problem and report them to TAC so the signatures can get updated.</P> <P>&nbsp;</P> <P>Now to your direct question, this would be a feature request that you raise with your SE. I'm not aware of a feature request already being present for this feature, but if there was one it's your SE's job to find it so they can add your vote to it or create a new request.&nbsp;</P> Sat, 24 Oct 2020 17:00:47 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-policy-action-based-on-severity-level/m-p/358621#M87900 BPry 2020-10-24T17:00:47Z