09-27-2021 10:49 PM
What does the Signature policy in Anti-Spyware do, and what does "Default" in Action do?
09-27-2021 11:18 PM - edited 09-27-2021 11:24 PM
Thank you for posting the question, @rajumaharjan.
The Anti-Spyware policy called "default" comes automatically after you install the Threat Prevention license and install the Application and Threat package. Unlicensed firewalls have this profile as well; however, there is a message: "Threat Prevention License required for antivirus, anti-spyware, and vulnerability protection to function". The action "default" simply means that it will take the default action based on the signature. For example, if a signature has the default action (reset-both), it will send a TCP RST to the client and server. If the signature has the default action (alert), it will only make a record in the Threat log. You can see all the signatures by going to Exceptions and clicking on "show all signatures".
If you want to get more information about a signature, you can go to https://threatvault.paloaltonetworks.com/ and then search for the signature based on name, threat id,... From here you can see more information, for example when and in what Threat package it was released.
Note: Unless you link the Anti-Spyware profile to a Security Profile Group and assign this group to a security policy, it will not have any effect.
Kind Regards
Pavel
09-29-2021 07:56 AM
Thank you for the reply, got the answer.