Threat prevention

jdprovine · ‎06-09-2015

I have downloaded and installed the threat prevention license, configured daily download of antivirus and the other downloads, created security profiles and added them to my security profiles. Everything is working except for the antivirus, its downloading and installing the definitions every day but I am not getting any information in my threat monitor for antivirus. I don't think I missed anything but let me know if anyone has any ideas.

_slv_ · ‎06-09-2015

Hi

You can test Your config by Eicar test AV http://www.eicar.org/86-0-Intended-use.html

Regards

SLawek

jdprovine · ‎06-09-2015

It collecting maleware and vulnerability data just fine it the antivirus portion of the threat prevention that isn't showing anything I don't think the link you gave me will help me to assure that my antivirus configuration is correct and working.

_slv_ · ‎06-09-2015

Opps - dorry for misunderstanding.

What about Monitor>System logs close to time when update of AV definition should be picked up?

Did You try to manually upload AV update?

What version of PAN are You using?

Please share with us screenshot of Dynamic Update

Ragards

Slawek

jdprovine · ‎06-09-2015

My PA version is 6.1.1. Its downloading and installing just fine it just now showing any data in the threat monitor

_slv_ · ‎06-09-2015

Hi

what about Your security rules - does it have AV profile atached?

something like that:

in my example there is None - but You must chose one.

Regards

Slawek

jdprovine · ‎06-09-2015

Yes I have them created and added to my security policies

_slv_ · ‎06-09-2015

Lets do a test

Please try to dwonload http://www.eicar.org/download/eicar.com

If You really have proper configuration of AV profile atached to Your security polisy that allow Your computer to get internet access this Eicar file should be blocked

Please atache Your session detail with atempt to download Eicar file. My is:

jdprovine · ‎06-10-2015

I did the testing and confirmed with the PA service desk that it is configured correctly but still is not working correctly

HITSSEC · ‎06-10-2015

Slawek,

Your screen print for the sample rule should have an Antivirus profile that blocks traffic. Like below:

Profile view:

Just saw it was missing in your example and may have been an oversight on your part. Hopefully this helps.

Phil

jdprovine · ‎06-11-2015

It is not necessary to have it set to block to have it work, it can also be set to alert

HITSSEC · ‎06-11-2015

True. but having an Antivirus Profile of "none" will not work for testing. That was the main point I was suggesting. The block profile is just what we have in place.

jdprovine · ‎06-12-2015

I got this to respond to the eicar test recommended by PA support. But other than that it show no virus threats. That still doesn't seem possbile

Unlock your full community experience!

Threat prevention

Threat prevention

Show your appreciation!