Educause Security Discussion mailing list archives

Palo Alto Threat Prevention config


From: "Baumgartner, Mark A." <MarkBaumgartner () CREIGHTON EDU>
Date: Thu, 13 Aug 2015 19:49:44 +0000

Good Afternoon All -

A couple months back Dave Tevlin posted this link (thanks Dave!) to a document from SANS on a secure benchmark for Palo 
Alto devices:
http://www.sans.org/reading-room/whitepapers/auditing/palo-alto-firewall-security-configuration-benchmark-35777

This got me thinking as to what kind of configurations others might be running with respect to the Antivirus, 
Anti-Spyware, and Vulnerability Protection profiles contained in the PA Threat Prevention system (i.e. blocking all 
Critical/High, only blocking specific threats, etc.).  Have you seen any issues with false positives?

Thanks in advance for those willing to share (even generally) their experiences around these configurations.  Off-list 
or on-list responses are much appreciated!


Mark Baumgartner
Information Security | Creighton University


