This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Antivirus Policy - Action based on Severity Level

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Antivirus Policy - Action based on Severity Level

Matko-DoJ
L0 Member

‎10-23-2020 01:54 AM

Hey All,

we have Antivirus policy in place and we are seeing many, what we believe are, false positives. Mostly on PDF files. Since number is rather high, reporting each one seems a bit excessive. What they all have in common is their severity which is MEDIUM.
With that said, our approach would be to deny only HIGH and CRITICAL severity event and allow the rest.

The problem is I can't find the option to block viruses based on Severity Level (the same option exists for AntiSpyware for example). And virus severity level is clearly visible in Threat Logs.

Would this qualify as a Feature Request or is it already available ?

Thanks!

0 Likes Likes
1 REPLY 1

BPry
Cyber Elite
Cyber Elite

‎10-24-2020 10:00 AM

@Matko-DoJ,

So first and foremost, I would recommend upgrading to the latest antivirus content update. 3509-4020 was giving us a lot of false positives that were reported to PAN, with 3510-4021 which was pushed out yesterday those issues have gone away with signature updates to address the false-positive reports.

Second, I would always recommend reporting false-positives over lowering your security posture. You can temporarily exclude virus exceptions where you actually need to due to false-positives until they get updated, but I wouldn't just lower my security due to them. Exclude the threat IDs causing a problem and report them to TAC so the signatures can get updated.

 

Now to your direct question, this would be a feature request that you raise with your SE. I'm not aware of a feature request already being present for this feature, but if there was one it's your SE's job to find it so they can add your vote to it or create a new request. 

0 Likes Likes
  • 1916 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks