This document describes the steps to change the default action for signatures.
Ensure that the most current content version is downloaded and installed. Go to Device > Dynamic Updates and click "Check now" at the bottom of the page to view latest updates. If not using the latest updates, then perform a download and install. Note: If the latest content version had not been downloaded or installed, log out and then log back into the GUI once this has been done.
Ensure that a Vulnerability Profile has been created and is being used in applicable security policy rules.
Go to Objects > Security Profiles > Vulnerability Protection and click the name of the profile used in the applicable security policy rules.
Click the Exceptions tab.
Check the "Show all signatures" checkbox at the bottom.
Type xxxxx (signature_id) in the search box and hit <enter> or click the green arrow.
Click the checkbox next to the xxxxx signature to enable the exception, and change the action to whatever is desired (drop/alert/allow/block)
Commit the changes
Once the changes are committed, the Palo Alto Networks firewall will perform the updated action for the the signatures.