Create Threat Exceptions (Strata Cloud Manager)
Focus
Focus
Advanced Threat Prevention Powered by Precision AI™

Create Threat Exceptions (Strata Cloud Manager)

Table of Contents


Create Threat Exceptions (Strata Cloud Manager)

  1. Exclude antivirus signatures from enforcement.
    While you can use an WildFire and Antivirus profile to exclude antivirus signatures from enforcement, you cannot change the action is enforced for a specific antivirus signature. However, you can define the enforceable action when viruses are found in different types of traffic by editing the security profile Enforcement Actions.
    1. Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesWildFire and Antivirus.
    2. Add Profile or select an existing WildFire and Antivirus profile from which you want to exclude a threat signature and go to the Advanced Settings tab.
    3. From the Signature Exceptions menu, Add Exception and provide the Threat ID for the threat signature you want to exclude from enforcement. You can optionally add notes to the signature exception.
    4. Save the signature exception when you are finished.
    5. A valid threat signature ID auto-populates the threat name field. You can view a complete list of active signature exceptions as well as Delete entries that are no longer necessary.
    6. Repeat to add additional exceptions or click Save after all of your threat exceptions have been added.
  2. Modify enforcement for vulnerability and spyware signatures (except DNS signatures; while they are a type of spyware signature, DNS signatures are handled through the DNS Security subscription in Prisma Access).
    1. Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesAnti-Spyware or ManageConfigurationNGFW and Prisma AccessSecurity ServicesVulnerability Protection, depending upon the signature type.
    2. Add Profile or select an existing Anti-Spyware or Vulnerability Protection profile from which you want to modify the signature enforcement, and then select Add Override.
    3. Search for spyware or vulnerability signatures by providing the relevant Match Criteria. This automatically filters the available signatures and displays the results in the Matching Signatures section.
    4. Select the check box for the signature(s) whose enforcement you want to modify.
    5. Provide the updated Action, Packet Capture, and IP Addresses that you want the modified enforcement rules to apply to for the selected signatures.
    6. Save your updated signature enforcement configuration.
    7. You can view a complete list of Overrides including various statistics, as well as Delete entries that are no longer necessary.