09-22-2014 01:43 AM
Hello
My customer think all w.generic virus signarues would have false-positive.
So he want to make a virus profile excepted all w.generic signatures.
Can it be made?
Thanks.
09-22-2014 04:28 AM
Hi Cheon,
This can be done, but you will have to add the threat ID for each virus into the exceptions list. How to Add a Threat Exceptions explains how you can go about doing this.
Regards,
- Jacob
09-22-2014 05:53 AM
Hi Cheon,
Following document will help you to create exception for desired thread.
How to Add a Threat Exceptions
Well, W.generic signature are basically wild-fire push. So, it will remain for may be 24 hours and then permanently installed on firewall through anti-virus update.
Regards,
Hardik Shah
09-22-2014 10:17 AM
Hi Cheon,
So basically whatever changes you do will not last for more than 2 days. Because those updates will have newer name and id after two days.
Let me know if this helps.
Regards,
Hardik Shah
09-22-2014 07:44 PM
Thanks for your answer, Jacob and Hardik Shah.
I already knew a way how to add a threat exception. But this method is I have to add each threat-IDs.
My customer wants to add some automatic method.
Do you know the ranged of w.generic virus signature IDs???
Thanks,
KC Lee
09-22-2014 09:15 PM
Hi Cheon,
Following document has requested information.
Threat ID Ranges in the Palo Alto Networks Content Database
Basically WF IDs are :
Let me know if this helps.
Regards,
Hardik Shah
09-23-2014 06:11 AM
Hi Cheon,
Let me know if this was helpful.
Regards,
Hardik Shah
09-24-2014 10:24 PM
Hi hshah,
Thanks you for your answer.
are All WildFire signatures for PE made up w.generic???
And Is it possible that add range Virus IDs to virus exception?
Regards,
KC Lee
09-24-2014 11:19 PM
Hello KC Lee,
Ans:1 I don't think all signatures for PE made up w.generic. Below is an example for different PE Virus Signatures.
FYI: WF IDs are :
Ans:2 You have to add indivisual virus exception into the profile and no options available to add a range of Virus IDs for virus exception.
Hope this helps.
Thanks
09-25-2014 10:27 AM
Hi Cheon,
There is no mechanism to do mass exception for virus IDs.
However, you may want to add exception for 1 virus Id, then check configuration changes from CLI.
Copy config in notepad, edit it for number of IDs and put it in CLI. Its just a idea. You will have to work on it.
Regards,
Hardik Shah
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
