02-13-2015 08:37 AM
I want to create an exception action for a specific antivirus ID (which happens to be outbound traffic). The default action is “alert” and I want this one ID to be “drop”. This is possible for the spyware and vulnerability profiles, but my problem is that it looks like the antivirus security profile exceptions are ONLY “allow”. How can I configure the PA to “drop” only one specific antivirus-ID?
02-13-2015 09:03 AM
Hello John,
As far as I know you can do an exception based on application and specify whatever action you want but not specific to an ID for antivirus profile.
Regards,
Hari Yadavalli
02-13-2015 09:08 AM
Yes, I think I can specify an action for an entire "application" that registers any virus, but that is very broad and this would cover ALL virus-signatures for all SMTP traffic (In this case) and I don’t really want to do that. Is there any way to apply finer granularity to it?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
