Are there any recommended settings for excluding categories, such as disk-backup or firewall? And if there is one there, but no vendor is listed, what will it default to? For example, if under Portal > HIP Data Collection > Exclude Categories patch-management is listed under Category, but there is nothing listed under Vendor, what does that mean it will do?
I can wrap my head around what it means if there is something listed there like Vendor > Kaspersky Lab > Product > Kaspersky Small Office Security, but what if nothing is there other than patch-management listed under Exclude Categories?
I honestly think GlobalProtect is the most disappointing feature of the Palo Alto FW.
Critical vulnerabilities are found in this feature every year, and implicit SSL decryption is used to protect against those vulnerabilities, and this implicit action is not disclosed in the documentation, nor is it disclosed for cases that significantly compromise performance.
I've been working with this feature for nearly two years now, and I have the impression that there are a great many operational problems. For that reason, I don't recommend it to customers who are thinking of implementing it for new customers.
That's my stance, so ask me based on that.
First, Palo Alto does not know exactly what the question is about.
The Host Information Profile (HIP) is provided by OPSWAT, a third-party component.
For Traps, I've heard that OPSWAT is also involved and has many of the same problems as GlobalProtect. But I've never used them myself.
https://www.opswat.com/partners/palo-alto-networks
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/globalprotect-features/opswat-sdk-v4-support
So no one other than OPSWAT can tell what the intent is.
One possible explanation for the failure of the HIP data to behave as intended is that GlobalProtect data file installation is not triggered.
GlobalProtect data file installation can only be triggered when a data file update schedule is configured under Device > Dynamic Updates > GlobalProtect Data File. Palo Alto recommends that you set the Schedule recurrence to Hourly (I don't believe it).
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/upgrade-to-pan-os-81/upgradedowngrade-considerations.html
The following article suggests that Palo Alto itself is also aware of this situation and may be a good step in the right direction.
https://www.paloaltonetworks.com/company/press/2018/palo-alto-networks-announces-intent-to-acquire-secdo
https://www.paloaltonetworks.com/company/press/2020/palo-alto-networks-and-opswat-expand-partnership-to-address-endpoint-security-compliance