Threat prevention


L4 Transporter

I have downloaded and installed the threat prevention license, configured daily download of antivirus and the other downloads, created security profiles and added them to my security profiles. Everything is working except for the antivirus; it's downloading and installing the definitions every day, but I am not getting any information in my threat monitor for antivirus. I don't think I missed anything, but let me know if anyone has any ideas.

12 REPLIES

L4 Transporter

Hi

You can test your config with the EICAR AV test: http://www.eicar.org/86-0-Intended-use.html

Regards

Slawek

It's collecting malware and vulnerability data just fine; it's the antivirus portion of the threat prevention that isn't showing anything. I don't think the link you gave me will help me to assure that my antivirus configuration is correct and working.

Oops - sorry for the misunderstanding.

What about the Monitor > System logs close to the time when the AV definition update should be picked up?

Did you try to manually upload the AV update?

What version of PAN are you using?

Please share a screenshot of Dynamic Update with us.

Regards

Slawek

My PA version is 6.1.1. It's downloading and installing just fine; it's just not showing any data in the threat monitor.

L4 Transporter

Hi

What about your security rules - do they have an AV profile attached?

something like that:

2015-06-09_202910.png

In my example there is None - but you must choose one.

Regards

Slawek

Yes, I have them created and added to my security policies.

L4 Transporter

Let's do a test.

Please try to download http://www.eicar.org/download/eicar.com

If you really have a proper AV profile configuration attached to the security policy that allows your computer to get internet access, this EICAR file should be blocked.

Please attach your session detail from the attempt to download the EICAR file. Mine is:

2015-06-09_205547.png

I did the testing and confirmed with the PA service desk that it is configured correctly, but it still is not working correctly.

Slawek,

Your screen print for the sample rule should have an Antivirus profile that blocks traffic. Like below:

Capture-Rule-actions.PNG

Profile view:

Capture-AV-Profile.PNG

Just saw it was missing in your example and may have been an oversight on your part. Hopefully this helps.

Phil

It is not necessary to have it set to block to have it work; it can also be set to alert.

True, but having an Antivirus Profile of "none" will not work for testing. That was the main point I was suggesting. The block profile is just what we have in place.

L4 Transporter

I got this to respond to the EICAR test recommended by PA support. But other than that it shows no virus threats. That still doesn't seem possible.
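An added example, not part of the thread and not Palo Alto Networks code: one way to run the check discussed above (does every allow rule have an Antivirus profile, directly or through a profile group?) against an exported configuration. The XML layout is an assumption modelled on a PAN-OS configuration export, and all rule, group and profile names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout is an assumption modelled on a PAN-OS XML export.
SAMPLE_CONFIG = """
<vsys>
  <profile-group>
    <entry name="strict"><virus><member>av-block</member></virus></entry>
    <entry name="url-only"><url-filtering><member>default</member></url-filtering></entry>
  </profile-group>
  <rulebase><security><rules>
    <entry name="web-out"><action>allow</action>
      <profile-setting><profiles><virus><member>default</member></virus></profiles></profile-setting>
    </entry>
    <entry name="dmz-out"><action>allow</action>
      <profile-setting><group><member>strict</member></group></profile-setting>
    </entry>
    <entry name="guest-out"><action>allow</action>
      <profile-setting><group><member>url-only</member></group></profile-setting>
    </entry>
    <entry name="lab-out"><action>allow</action></entry>
    <entry name="block-bad"><action>deny</action></entry>
  </rules></security></rulebase>
</vsys>
"""

def group_av_profiles(root):
    """Map profile-group name -> AV profile name (None if the group has no AV profile)."""
    return {g.get("name"): g.findtext("virus/member")
            for g in root.findall(".//profile-group/entry")}

def rule_av_profile(rule, groups):
    """Return the AV profile a rule applies, directly or through a profile group."""
    direct = rule.findtext("profile-setting/profiles/virus/member")
    if direct:
        return direct
    group = rule.findtext("profile-setting/group/member")
    return groups.get(group) if group else None

def audit(xml_text):
    """Return {rule_name: av_profile_or_None} for every allow rule."""
    root = ET.fromstring(xml_text)
    groups = group_av_profiles(root)
    return {r.get("name"): rule_av_profile(r, groups)
            for r in root.findall(".//rulebase/security/rules/entry")
            if r.findtext("action") == "allow"}

def rules_without_av(xml_text):
    """Allow rules whose traffic is never scanned, so they produce no antivirus threat logs."""
    return sorted(name for name, prof in audit(xml_text).items() if prof is None)
```

Rules returned by `rules_without_av` are the ones to fix before running the EICAR download test; a rule that uses a profile group only counts if that group itself contains an Antivirus profile.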
