Can I make a virus security-profile excepted all w.generic signatrues?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Can I make a virus security-profile excepted all w.generic signatrues?

L4 Transporter

Hello

My customer think all w.generic virus signarues would have false-positive.

So he want to make a virus profile excepted all w.generic signatures.

Can it be made?

Thanks.

9 REPLIES 9

L1 Bithead

Hi Cheon,

This can be done, but you will have to add the threat ID for each virus into the exceptions list.  How to Add a Threat Exceptions explains how you can go about doing this.

Regards,

- Jacob

L6 Presenter

Hi Cheon,

Following document will help you to create exception for desired thread.

How to Add a Threat Exceptions

Well, W.generic signature are basically wild-fire push. So, it will remain for may be 24 hours and then permanently installed on firewall through anti-virus update.

Regards,

Hardik Shah

Hi Cheon,

So basically whatever changes you do will not last for more than 2 days. Because those updates will have newer name and id after two days.

Let me know if this helps.

Regards,

Hardik Shah

Thanks for your answer, Jacob and Hardik Shah.

I already knew a way how to add  a threat exception. But this method is I have to add each threat-IDs.

My customer wants to add some automatic method.

Do you know the ranged of w.generic virus signature IDs???

Thanks,

KC Lee

Hi Cheon,

Following document has requested information.

Threat ID Ranges in the Palo Alto Networks Content Database

Basically WF IDs are :

  • PE: 2000000 - 3000000
  • PE (WildFire): 3000000 - 3100000

Let me know if this helps.

Regards,

Hardik Shah

Hi Cheon,

Let me know if this was helpful.

Regards,

Hardik Shah

Hi hshah,

Thanks you for your answer.

are All  WildFire signatures for PE made up w.generic???

And Is it possible that add range Virus IDs to virus exception?

Regards,

KC Lee

Hello KC Lee,

Ans:1 I don't think all signatures for PE made up w.generic. Below is an example for different PE Virus Signatures.

FYI: WF IDs are :

  • PE: 2000000 - 3000000
  • PE (WildFire😞 3000000 - 3100000

PE-Virus-1.jpg

PE-Virus.jpg

Ans:2 You have to add indivisual virus exception into the profile and no options available to add a range of Virus IDs for virus exception.

Hope this helps.

Thanks

Hi Cheon,

There is no mechanism to do mass exception for virus IDs.

However, you may want to add exception for 1 virus Id, then check configuration changes from CLI.

Copy config in notepad, edit it for number of IDs and put it in CLI. Its  just a idea. You will have to work on it.

Regards,

Hardik Shah

  • 4458 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!