Threat prevention

L4 Transporter

Threat prevention

I have downloaded and installed the threat prevention license, configured daily download of antivirus and the other downloads, created security profiles and added them to my security profiles. Everything is working except for the antivirus; it's downloading and installing the definitions every day, but I am not getting any information in my threat monitor for antivirus. I don't think I missed anything, but let me know if anyone has any ideas.

L4 Transporter

Re: Threat prevention

Hi

You can test your config with the EICAR AV test: http://www.eicar.org/86-0-Intended-use.html

Regards

Slawek

L4 Transporter

Re: Threat prevention

It's collecting malware and vulnerability data just fine; it's the antivirus portion of the threat prevention that isn't showing anything. I don't think the link you gave me will help me to assure that my antivirus configuration is correct and working.

L4 Transporter

Re: Threat prevention

Oops - sorry for the misunderstanding.

What about Monitor > System logs close to the time when the AV definition update should be picked up?

Did you try to manually upload the AV update?

What version of PAN are you using?

Please share with us a screenshot of Dynamic Update.

Regards

Slawek

L4 Transporter

Re: Threat prevention

My PA version is 6.1.1. It's downloading and installing just fine; it's just not showing any data in the threat monitor.

L4 Transporter

Re: Threat prevention

Hi

What about your security rules - do they have an AV profile attached?

Something like this:

2015-06-09_202910.png

In my example there is None - but you must choose one.

Regards

Slawek

L4 Transporter

Re: Threat prevention

Yes, I have them created and added to my security policies.

L4 Transporter

Re: Threat prevention

Let's do a test.

Please try to download http://www.eicar.org/download/eicar.com

If you really have a proper AV profile configuration attached to the security policy that allows your computer to get internet access, this EICAR file should be blocked.

Please attach your session detail for the attempt to download the EICAR file. Mine is:

2015-06-09_205547.png

L4 Transporter

Re: Threat prevention

I did the testing and confirmed with the PA service desk that it is configured correctly, but it still is not working correctly.

L4 Transporter

Re: Threat prevention

Slawek,

Your screen print for the sample rule should have an Antivirus profile that blocks traffic. Like below:

Capture-Rule-actions.PNG

Profile view:

Capture-AV-Profile.PNG

Just saw it was missing in your example and may have been an oversight on your part. Hopefully this helps.

Phil
