custom application of application cxceptions in antivirus profile

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

custom application of application cxceptions in antivirus profile

L4 Transporter

Hi All

Can i use custom application in the application cxceptions of antivirus profile? I try seveval times, but still not find it in the application cxceptions of antivirus profile.

Is there any way to custom application in the application cxceptions of antivirus profile?

Thanks,

Joy

6 REPLIES 6

L6 Presenter

According to these docs (as I interpret them) custom apps wont be able to use URL, threat or anti-virus scanning engines.

Only custom apps which are based on already builtin apps will be able to do so:

Does application override adversely affect Threat ID?
https://live.paloaltonetworks.com/docs/DOC-2344

Application Override and Scanning Engines
https://live.paloaltonetworks.com/docs/DOC-1343

Thanks for your reply.

Joy

As a sidenote...

If you have a new app which might be usful for others you can request app enhancement from the Apps and Threats Research Center.

http://www.paloaltonetworks.com/researchcenter/tools/

From there you can click on Submit an app and provide details there.

Those apps will be able to use URL, threat and AV engines (since they will be included in the appdb).

On the other hand I think that at least the threatdb should be able to apply even for unknown traffic (since I interpret threatdb as the IDP function of PAN) - could someone from PA perhaps put some light on why not at least the threat enginge can operate on custom apps?

L1 Bithead

Has anyone tested this with custom HTTP based applications for QOS? We have bandwidth concerns during certain major events involving streaming video, ie the Olympics or US Open. I am going to guess these will be identified as web-browsing and QOS policy will not be enforced for the custom application?

I dunno if my previous interpretation was correct.

When you setup custom app (no matter if you use parentapp or not) you have checkboxes for if this particular app should be scanned for antivirus and the other stuff.

I'm not sure I follow you Mikand. I can tell you from testing that if your custom application is HTTP based, you cannot set policy based on the app.The checkboxes for scanning have no impact.  It gets tagged as web-browsing and the rule you create is ignored which is why I have posed the question regarding QOS.

Update**

It looks like the traffic I was initially using for this testing didn't generate enough packets to function properly. We have since done some testing with an application that generates more traffic and achieved the expected results.

  • 3134 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!