Create the Data Center Best Practice Antivirus Profile

Protect your data center from viruses and malware hidden in HTTP, HTTP2, SMTP, IMAP, POP3, FTP, and SMB file transfers.
Clone the default Antivirus profile and edit the clone. To preserve availability for business-critical applications, move from your current state to the best practice profile in safe transition steps rather than all at once. To reach the best practice profile, modify the cloned profile as shown here and attach it to every security policy rule that allows traffic. The Antivirus profile has protocol decoders that detect and prevent viruses and malware from being transferred over seven protocols: FTP, HTTP, HTTP2, IMAP, POP3, SMB, and SMTP. You can also set WildFire actions for all seven decoders, because the Antivirus profile enforces actions based on WildFire signatures and inline machine learning (ML) as well as on antivirus signatures.
Configure the cloned best practice Antivirus profile so that the action, the WildFire action, and the inline ML action for all seven protocol decoders reset both the client and the server (the reset-both action), and then attach the profile to the allow rules for all four data center traffic flows.
In the profile screenshot, a red triangle in the upper-left corner of a cell indicates that the action has been modified from its default; the modified profile shown is named Strict_AV.
Attach the best practice Antivirus profile to all security policy rules that allow traffic so that known malicious files (malware, ransomware, bots, and viruses) are blocked as they attempt to enter the network. For example:
  • Intra data center traffic—The Antivirus profile, along with the Vulnerability Protection profile, helps prevent attackers from using exploits to leverage vulnerabilities and spread malware and hacking tools laterally between servers inside the data center network.
  • Traffic from the data center to the internet—The Antivirus profile, along with the Anti-Spyware profile, helps identify and block command and control traffic and initial downloads of malware and hacking tools.
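The following is an added example that is not part of the original page or of Palo Alto Networks' own tooling. It turns the procedure above (clone, set reset-both for all seven decoders and their WildFire and inline ML actions, attach to every allow rule) into XML configuration that the PAN-OS XML API accepts, and adds the check a practitioner wants during the safe transition: an audit that reports every decoder and action that still diverges from reset-both in a profile pulled from the device. The element names (decoder, action, wildfire-action, mlav-action), both XPaths, the vsys1 and rule names, and the constructed sample profile are assumptions made for this example; confirm the schema against your PAN-OS version before pushing anything.

```python
"""Added example (not from the original page or Palo Alto Networks): build the
Strict_AV Antivirus profile as a PAN-OS XML configuration element, emit the
XML API parameters that would push it and attach it to an allow rule, and
audit an existing profile element for decoders that still fall short of
reset-both. Element names and XPaths follow the PAN-OS XML config schema as
understood by this example's author and are assumptions to verify."""
import xml.etree.ElementTree as ET

DECODERS = ("ftp", "http", "http2", "imap", "pop3", "smb", "smtp")
FIELDS = ("action", "wildfire-action", "mlav-action")
BEST_PRACTICE = "reset-both"

# Assumed XPaths for a single-vsys firewall (Panorama uses a device-group tree).
PROFILE_XPATH = ("/config/devices/entry[@name='localhost.localdomain']"
                 "/vsys/entry[@name='{vsys}']/profiles/virus")
RULE_XPATH = ("/config/devices/entry[@name='localhost.localdomain']"
              "/vsys/entry[@name='{vsys}']/rulebase/security/rules"
              "/entry[@name='{rule}']/profile-setting/profiles/virus")


def build_profile(name="Strict_AV", action=BEST_PRACTICE):
    """Return an <entry> element with all seven decoders set to the same
    action for signature, WildFire and inline-ML detections."""
    entry = ET.Element("entry", name=name)
    decoder = ET.SubElement(entry, "decoder")
    for proto in DECODERS:
        d = ET.SubElement(decoder, "entry", name=proto)
        for field in FIELDS:
            ET.SubElement(d, field).text = action
    return entry


def profile_set_params(entry, vsys="vsys1"):
    """XML API query parameters (type=config&action=set) that create or
    overwrite the profile under the assumed XPath; send over HTTPS with an
    API key, then commit."""
    return {
        "type": "config",
        "action": "set",
        "xpath": PROFILE_XPATH.format(vsys=vsys),
        "element": ET.tostring(entry, encoding="unicode"),
    }


def rule_attach_params(rule_name, profile_name="Strict_AV", vsys="vsys1"):
    """XML API parameters that attach the profile to one security rule.
    Call once per allow rule (hypothetical rule names are used below)."""
    return {
        "type": "config",
        "action": "set",
        "xpath": RULE_XPATH.format(vsys=vsys, rule=rule_name),
        "element": f"<member>{profile_name}</member>",
    }


def audit_profile(entry):
    """Return {decoder: {field: value}} for every field that is not reset-both
    ('unset' when the element is absent) and {'decoder': 'missing'} for
    decoders that are absent. An empty dict means the profile is compliant."""
    findings = {}
    seen = set()
    for d in entry.findall("./decoder/entry"):
        proto = d.get("name")
        seen.add(proto)
        for field in FIELDS:
            node = d.find(field)
            value = (node.text or "").strip() if node is not None else "unset"
            if value != BEST_PRACTICE:
                findings.setdefault(proto, {})[field] = value or "unset"
    for proto in DECODERS:
        if proto not in seen:
            findings[proto] = {"decoder": "missing"}
    return findings


def audit_profile_xml(xml_text):
    """Audit a profile <entry> given as text, e.g. as returned by the API
    with type=config&action=show on the profile's XPath."""
    return audit_profile(ET.fromstring(xml_text.strip()))


# Constructed sample of a cloned profile mid-transition (not captured from a
# device): signature actions are already reset-both, but the mail decoders
# still only alert on WildFire verdicts and http2 has no inline-ML action.
SAMPLE_PARTIAL_PROFILE = """
<entry name="Strict_AV"><decoder>
  <entry name="ftp"><action>reset-both</action><wildfire-action>reset-both</wildfire-action><mlav-action>reset-both</mlav-action></entry>
  <entry name="http"><action>reset-both</action><wildfire-action>reset-both</wildfire-action><mlav-action>reset-both</mlav-action></entry>
  <entry name="http2"><action>reset-both</action><wildfire-action>reset-both</wildfire-action></entry>
  <entry name="imap"><action>reset-both</action><wildfire-action>alert</wildfire-action><mlav-action>reset-both</mlav-action></entry>
  <entry name="pop3"><action>reset-both</action><wildfire-action>alert</wildfire-action><mlav-action>reset-both</mlav-action></entry>
  <entry name="smb"><action>reset-both</action><wildfire-action>reset-both</wildfire-action><mlav-action>reset-both</mlav-action></entry>
  <entry name="smtp"><action>reset-both</action><wildfire-action>alert</wildfire-action><mlav-action>reset-both</mlav-action></entry>
</decoder></entry>
"""

if __name__ == "__main__":
    strict = build_profile()
    print(profile_set_params(strict)["xpath"])
    print(rule_attach_params("dc-to-internet"))  # hypothetical rule name
    for proto, gaps in sorted(audit_profile_xml(SAMPLE_PARTIAL_PROFILE).items()):
        print(f"{proto}: {gaps}")
```

Run the audit against each cloned profile at every transition step: the report lists exactly which decoder and which of the three actions still need to move to reset-both, which is more useful than eyeballing red triangles in the GUI. The attach helper deliberately touches only the profile-setting/profiles/virus member of one rule; if a rule already uses a profile group, put Strict_AV into that group instead.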