
PANW-AG-000062 – The Palo Alto Networks security platform must drop malicious code upon detection – Antivirus Services.

Details

Malicious code is designed to compromise information systems; therefore, it must be prevented from being transferred to uninfected hosts.

The Palo Alto Networks security platform allows customized profiles to be used to perform antivirus inspection for traffic between zones. Antivirus, anti-spyware, and vulnerability protection features require a specific license. There is a default Antivirus Profile; the profile inspects all of the listed protocol decoders for viruses, and generates alerts for SMTP, IMAP, and POP3 protocols while dropping for FTP, HTTP, and SMB protocols. However, these default actions cannot be edited and the values for the FTP, HTTP, and SMB protocols do not meet the requirement, so customized profiles must be used.

Solution

To create an Antivirus Profile:
Go to Objects >> Security Profiles >> Antivirus.

Select ‘Add’.

In the ‘Antivirus Profile’ window, complete the required fields.

Complete the ‘Name’ and ‘Description’ fields.

In the ‘Antivirus’ tab, for all Decoders (SMTP, IMAP, POP3, FTP, HTTP, SMB protocols) set the ‘Action’ to ‘drop’ or ‘reset-both’.

Select ‘OK’.

Use the Antivirus Profile in a Security Policy:
Go to Policies >> Security.

Select an existing policy rule or select ‘Add’ to create a new one.

In the ‘Actions’ tab, under the ‘Profile Setting’ section, set the ‘Profile Type’ field to ‘Profiles’. The window will change to display the different categories of Profiles.

In the same ‘Profile Setting’ section, in the ‘Antivirus’ field, select the configured Antivirus Profile.

Select ‘OK’.

Commit changes by selecting ‘Commit’ in the upper-right corner of the screen.

Select ‘OK’ when the confirmation dialog appears.
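As an added audit check (not part of the STIG text and not a Palo Alto Networks tool), the following Python script reads a PAN-OS XML configuration export and reports Antivirus Profiles whose decoder actions are not ‘drop’ or ‘reset-both’, plus ‘allow’ rules that attach no compliant profile. It assumes the usual profiles/virus and rulebase/security element layout of the export, treats a decoder missing from a profile as left at ‘default’ (and therefore flags it), and does not resolve rules that attach antivirus through a security profile group; the embedded configuration is constructed for the example.

```python
import xml.etree.ElementTree as ET

COMPLIANT_ACTIONS = {"drop", "reset-both"}   # the decoder actions the STIG accepts
DECODERS = ("smtp", "imap", "pop3", "ftp", "http", "smb")

# Constructed sample export (not a real device config): one compliant profile and
# one that still alerts on SMTP and leaves the other decoders unset.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<profiles><virus>
 <entry name="AV-Drop-All"><decoder>
  <entry name="smtp"><action>reset-both</action></entry><entry name="imap"><action>reset-both</action></entry><entry name="pop3"><action>reset-both</action></entry>
  <entry name="ftp"><action>drop</action></entry><entry name="http"><action>drop</action></entry><entry name="smb"><action>drop</action></entry>
 </decoder></entry>
 <entry name="AV-Alert-Mail"><decoder>
  <entry name="smtp"><action>alert</action></entry><entry name="http"><action>drop</action></entry>
 </decoder></entry>
</virus></profiles>
<rulebase><security><rules>
 <entry name="allow-web"><action>allow</action><profile-setting><profiles><virus><member>AV-Drop-All</member></virus></profiles></profile-setting></entry>
 <entry name="allow-mail"><action>allow</action><profile-setting><profiles><virus><member>AV-Alert-Mail</member></virus></profiles></profile-setting></entry>
 <entry name="allow-dns"><action>allow</action></entry>
</rules></security></rulebase></entry></vsys></entry></devices></config>"""

def profile_findings(root):
    """Map each AV profile to its (decoder, action) pairs that are not drop/reset-both."""
    findings = {}
    for prof in root.iterfind(".//profiles/virus/entry"):
        actions = {d.get("name"): (d.findtext("action") or "default")
                   for d in prof.iterfind("decoder/entry")}
        # a decoder absent from the profile is reported as 'default' and flagged
        findings[prof.get("name")] = [
            (dec, actions.get(dec, "default")) for dec in DECODERS
            if actions.get(dec, "default") not in COMPLIANT_ACTIONS]
    return findings

def rule_findings(root, profiles):
    """'allow' rules with no AV profile or a non-compliant one (profile groups not resolved)."""
    bad = {name for name, issues in profiles.items() if issues}
    out = []
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        av = rule.findtext("profile-setting/profiles/virus/member")
        if rule.findtext("action") == "allow" and (av is None or av in bad):
            out.append(rule.get("name"))
    return out

def audit(xml_text):
    """Parse an exported config; return (profile findings, offending rule names)."""
    root = ET.fromstring(xml_text)
    profiles = profile_findings(root)
    return profiles, rule_findings(root, profiles)
```

Run `audit()` on the output of the device's configuration export to list every profile and rule that needs the correction described in the Solution above.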

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: Palo_Alto.

Updated on July 16, 2022