6.2 Ensure a secure antivirus profile is applied to all relevant security policies

Information

Create a secure antivirus profile and apply it to all security policies that could pass HTTP, SMTP, IMAP, POP3, FTP, or SMB traffic. The antivirus profile may be applied to the security policies directly or through a profile group.
Rationale:
By applying a secure antivirus profile to all applicable traffic, the threat of malware propagation through the firewall is greatly reduced. Without an antivirus profile assigned to any potential hostile zone, the first protection in the path against malware is removed, leaving in most cases only the desktop endpoint protection application to detect and remediate any potential malware.

Solution

Navigate to Policies > Security.
For each policy, navigate to [Policy Name] > Actions
Set an Antivirus profile or a Profile Group containing an AV profile for each security policy passing traffic - regardless of protocol.
Impact:
Not having an AV Profile on a Security Policy allows signature-based malware to transit the security boundary without blocks or alerts. In most cases this leaves only the Endpoint Security application to block or alert malware.

Default Value:
No Antivirus Profiles are enabled on any default or new Security Policy

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv6|8.5, CSCv7|8

Plugin: Palo_Alto

Control ID: 2a68c63c99b70a7dec4087010b2381ff48328d6b20b552512d5cf4a3efd1a844