The VSA Domain Deployment process from the Probe process triggers A/V blocking with PaloAlto Firewall. This is due to the thumb-printing of the the network service over tcp/445.
With Agent 220.127.116.11, it was detected as this:
Unique Threat ID: 305850819
Create Time: 2019-09-28 23:49:38 (UTC)
Threat ID: n/a
Current Release: n/a
First Release: 3118 (2019-09-30 UTC)
Now, with 18.104.22.168, the blocking begain and now we get this:
Unique Threat ID: 313716504
Create Time: 2019-11-10 08:06:19 (UTC)
Threat ID: 2600841
Current Release: 3160 (2019-11-11 UTC)
First Release: 3160 (2019-11-11 UTC)
You have to make an exception in the A/V policy to allow deployment to work. I hate this, as its a bit of work to make sure it's only a granular exception and that a real virus with the same signature is not allowed to propagate the network.