6.1 Ensure that antivirus profiles are set to reset-both on all decoders except 'imap' and 'pop3'


Configure antivirus profiles to a value of 'reset-both' for all decoders except imap and pop3 under both Action and WildFire Action. If required by the organization's email implementation, configure imap and pop3 decoders to 'alert' under both Action and WildFire Action.


Antivirus signatures produce low false positives. By blocking any detected malware through the specified decoders, the threat of malware propagation through the firewall is greatly reduced. It is recommended to mitigate malware found in pop3 and imap through a dedicated antivirus gateway. Due to the nature of the pop3 and imap protocols, the firewall is not able to block only a single email message containing malware. Instead, the entire session would be terminated, potentially affecting benign email messages.


Navigate to Objects > Security Profiles > Antivirus.
Set antivirus profiles to have all decoders set to reset-both for both Action and Wildfire Action. If imap and pop3 are required in the organization, set the imap and pop3 decoders to alert for both Action and Wildfire Action.

Default Value:

Not Configured

See Also


Item Details


References: 800-53|SI-3, CSCv7|8

Plugin: Palo_Alto

Control ID: 089aa6d11ffe4ab59780fc719c8059e2f851b59a982e8ea3368ef73c1f8d3afe