Create the Data Center Best Practice Antivirus Profile
Protect your data center from viruses and malware hidden
in HTTP, SMTP, IMAP, POP3, FTP, and SMB files.
Clone the default Antivirus profile and edit it. To ensure availability for
business-critical applications, take safe transition steps as you move from your
current state to the best practice profile. To achieve the best practice profile, modify
the default profile as shown here and attach it to all security policy rules that allow
traffic. The Antivirus profile has decoders that detect and prevent viruses and malware
from being transferred over six protocols: HTTP, SMTP, IMAP, POP3, FTP, and SMB. You can
set WildFire actions for all six protocols because the Antivirus profile also enforces
actions based on WildFire signatures.
Configure the cloned best practice Antivirus profile to reset
both the client and the server for all six protocol decoders and
WildFire actions, and then attach the profile to the allow rules
for all four data center traffic flows.
Red triangles in the upper right corner of a cell indicate that
the action is modified (changed from the default); the name of
the modified profile is Strict_AV.
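To verify that a committed configuration matches the profile described above, the following audit script is an added example (not Palo Alto Networks code) that parses an exported PAN-OS XML configuration and reports any of the six decoders whose action or WildFire action is not reset-both, and any allow rule that does not attach Strict_AV. The XML element paths are assumed from the usual config export layout; check them against your own export.

```python
import xml.etree.ElementTree as ET

DECODERS = ("http", "smtp", "imap", "pop3", "ftp", "smb")
PROFILE = "Strict_AV"
RESET = "reset-both"

# Constructed sample export (assumed PAN-OS XML layout): five compliant
# decoders, SMB left at the default action, and three security rules.
_OK = f"<action>{RESET}</action><wildfire-action>{RESET}</wildfire-action>"
_DEC = "".join(f'<entry name="{d}">{_OK}</entry>' for d in DECODERS[:-1])
_DEC += '<entry name="smb"><action>default</action><wildfire-action>default</wildfire-action></entry>'
SAMPLE_CONFIG = f"""<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<profiles><virus><entry name="{PROFILE}"><decoder>{_DEC}</decoder></entry></virus></profiles>
<rulebase><security><rules>
  <entry name="dc-to-internet"><action>allow</action><profile-setting><profiles>
    <virus><member>{PROFILE}</member></virus></profiles></profile-setting></entry>
  <entry name="intra-dc"><action>allow</action></entry>
  <entry name="deny-all"><action>deny</action></entry>
</rules></security></rulebase>
</entry></vsys></entry></devices></config>"""

def profile_gaps(root, profile=PROFILE):
    """Decoders whose action or WildFire action is not reset-both (None = missing)."""
    gaps = []
    for dec in DECODERS:
        e = root.find(f".//profiles/virus/entry[@name='{profile}']/decoder/entry[@name='{dec}']")
        action = e.findtext("action") if e is not None else None
        wf_action = e.findtext("wildfire-action") if e is not None else None
        if action != RESET or wf_action != RESET:
            gaps.append((dec, action, wf_action))
    return gaps

def allow_rules_missing_profile(root, profile=PROFILE):
    """Names of security rules with action=allow that do not attach the profile."""
    missing = []
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        if rule.findtext("action") != "allow":
            continue
        members = [m.text for m in rule.iterfind("profile-setting/profiles/virus/member")]
        if profile not in members:
            missing.append(rule.get("name"))
    return missing

def audit(xml_text):
    """Return (decoder gaps, allow rules without the profile) for one export."""
    root = ET.fromstring(xml_text)
    return profile_gaps(root), allow_rules_missing_profile(root)

if __name__ == "__main__":
    gaps, missing = audit(SAMPLE_CONFIG)
    print("decoder gaps:", gaps, "| allow rules without profile:", missing)
```

On the constructed sample the script flags the SMB decoder and the intra-dc rule; run it against a real export to confirm all six decoders and every allow rule are covered.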
The reason to attach the best practice Antivirus profile to all
security policy rules that allow traffic is to block known malicious
files (malware, ransomware bots, and viruses) as they attempt to
enter the network. For example:
Intra data center traffic—The Antivirus profile, along with
the Vulnerability Protection profile, helps prevent attackers from
using exploits to leverage vulnerabilities and spread malware and
hacking tools laterally between servers inside the data center network.
Traffic from the data center to the internet—The Antivirus profile,
along with the Anti-Spyware profile, helps identify and block command
and control traffic and initial downloads of malware and hacking
tools.