Antivirus Policy - Action based on Severity Level


L0 Member

Hey All,

We have an Antivirus policy in place and we are seeing many of what we believe are false positives, mostly on PDF files. Since the number is rather high, reporting each one seems a bit excessive. What they all have in common is their severity, which is MEDIUM.
With that said, our approach would be to deny only HIGH and CRITICAL severity events and allow the rest.

The problem is I can't find the option to block viruses based on Severity Level (the same option exists for AntiSpyware, for example). And the virus severity level is clearly visible in Threat Logs.

Would this qualify as a Feature Request or is it already available?

Thanks!


Cyber Elite

@Matko-DoJ,

So first and foremost, I would recommend upgrading to the latest antivirus content update. 3509-4020 was giving us a lot of false positives that were reported to PAN; with 3510-4021, which was pushed out yesterday, those issues have gone away with signature updates to address the false-positive reports.

Second, I would always recommend reporting false positives over lowering your security posture. You can temporarily exclude virus exceptions where you actually need to due to false positives until they get updated, but I wouldn't just lower my security due to them. Exclude the threat IDs causing a problem and report them to TAC so the signatures can get updated.

 

Now to your direct question, this would be a feature request that you raise with your SE. I'm not aware of a feature request already being present for this feature, but if there was one it's your SE's job to find it so they can add your vote to it or create a new request. 
