6.2 Ensure a secure antivirus profile is applied to all relevant security policies

Information

Create a secure antivirus profile and apply it to all security policies that could pass HTTP, SMTP, IMAP, POP3, FTP, or SMB traffic. The antivirus profile may be applied to the security policies directly or through a profile group.
Rationale:
By applying a secure antivirus profile to all applicable traffic, the threat of malware propagation through the firewall is greatly reduced. Without an antivirus profile assigned to any potential hostile zone, the first protection in the path against malware is removed, leaving in most cases only the desktop endpoint protection application to detect and remediate any potential malware.

Solution

Navigate to Objects > Security Profiles > Antivirus Policies > Security
Set an Antivirus profile for all security policies passing traffic - regardless of protocol.
Ensure each Decoder contains Action set to Block and Wildfire Action set to Block
Set the Source Zone to INSIDE and Source Address to ANY
Set the Destination Zone to OUTSIDE and Destination Address to ANY
Set Application to ANY
Set Service to ANY
Set Action to checked
Set Profile to BlockAll-AV

See Also

https://workbench.cisecurity.org/files/1780

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3a., CSCv6|8.5

Plugin: Palo_Alto

Control ID: c70e9e8c53882f8dc3805252186fd479afd9a6b0c2dcbe8a7d506984fad23899