About charger

Hi, I have a PA3020 installed and operational in my enviroment. I have a vulnerability profile (using "default" actions for detected threats) created and applied to a security policy that covers all zones. I decided to do some testing and simulate an attack using metasploit. Based on my results, I have a couple of questions: I "compromised" several workstations and installed a meterpreter and was able to establish sessions back to my outside "attacker machine". Contrary to expectations, my PA device did not detect anything relating to my attack...I was quite surprised. Is this normal behavior. Have I grievously mis-configured the PA device? I also conducted a SSH brute force password attack. My PA device did see and correctly classify this attack but the default action is "Alert". Why would it allow such traffic? Why not "Drop" or "Deny" traffic that is obviously malicious? Any help is greatly appreciated. M ... View more

Hi, Created a Vulnerability Protection profile. Noticed that I was seeing a lot of "Microsoft Windows Registry Read Attempt" entries in the threat log. These appear to be benign. So I edited the profile, clicked the exceptions tab and checked the "enabled" checkbox for this vulnerability. I assumed this meant that this vulnerability would now be ignored and not show up in the log. This however is not the case. What am I missing? Also In the threat logging window, I click on a threat name and the threat details are displayed. One of the lower columns in the window is "Exempt Profiles". What exactly does this mean? Any help is greatly appreciated. M ... View more

Hi, Where do antivirus profile alerts log to? Also, if I set the action to "block" for a decoder in the antivirus profile, does it still log the event? Any help is greatly appreciated. M ... View more