Antivirus Policy - Action based on Severity Level

Reply
Highlighted
L0 Member

Antivirus Policy - Action based on Severity Level

Hey All,

we have Antivirus policy in place and we are seeing many, what we believe are, false positives. Mostly on PDF files. Since number is rather high, reporting each one seems a bit excessive. What they all have in common is their severity which is MEDIUM.
With that said, our approach would be to deny only HIGH and CRITICAL severity event and allow the rest.

The problem is I can't find the option to block viruses based on Severity Level (the same option exists for AntiSpyware for example). And virus severity level is clearly visible in Threat Logs.

Would this qualify as a Feature Request or is it already available ?

Thanks!

Highlighted
Cyber Elite

@Matko-DoJ,

So first and foremost, I would recommend upgrading to the latest antivirus content update. 3509-4020 was giving us a lot of false positives that were reported to PAN, with 3510-4021 which was pushed out yesterday those issues have gone away with signature updates to address the false-positive reports.

Second, I would always recommend reporting false-positives over lowering your security posture. You can temporarily exclude virus exceptions where you actually need to due to false-positives until they get updated, but I wouldn't just lower my security due to them. Exclude the threat IDs causing a problem and report them to TAC so the signatures can get updated.

 

Now to your direct question, this would be a feature request that you raise with your SE. I'm not aware of a feature request already being present for this feature, but if there was one it's your SE's job to find it so they can add your vote to it or create a new request. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!