While this option allows you to be protected against threats, by
giving you the option to enable the App-ID at a later time, Palo
Alto Networks recommends that instead of disabling App-IDs on a
regular basis, you should instead configure a security policy rule
to
Temporarily
Allow New App-IDs. This rule will always allow the new App-IDs introduced
in only the latest content release. Because content updates that include
new App-IDs are released only once a month, this gives you time
to assess the new App-IDs and adjust your security policy to cover
the new App-IDs if needed, all the while ensuring that availability
for critical applications is not affected.