https://live.paloaltonetworks.com/t5/next-generation-firewall/threat-id-54532/m-p/524264#M681 <P>Anyone have any experience dealing with Threat ID 54532? VBScript Obfuscation.</P> <P>&nbsp;</P> <P>See the offenses/detections but find nothing on the hosts source or destination that reflects a vbs script. Its all internal traffic.&nbsp; Could it be some other traffic that is getting incorrectly labeled as VBS?</P> Thu, 15 Dec 2022 19:20:53 GMT James123456 2022-12-15T19:20:53Z https://live.paloaltonetworks.com/t5/next-generation-firewall/threat-id-54532/m-p/524264#M681 <P>Anyone have any experience dealing with Threat ID 54532? VBScript Obfuscation.</P> <P>&nbsp;</P> <P>See the offenses/detections but find nothing on the hosts source or destination that reflects a vbs script. Its all internal traffic.&nbsp; Could it be some other traffic that is getting incorrectly labeled as VBS?</P> Thu, 15 Dec 2022 19:20:53 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/threat-id-54532/m-p/524264#M681 James123456 2022-12-15T19:20:53Z https://live.paloaltonetworks.com/t5/next-generation-firewall/threat-id-54532/m-p/524891#M697 <P>Hello,</P> <P>Yes it can be other traffic as the signatures are looking for specific items in the traffic. Best way to find out would be to create a packet capture and open a support case for the support team to review it. This is because we do not have insight into the threat definitions.</P> <P>&nbsp;</P> <P>Regards,</P> Thu, 22 Dec 2022 20:20:12 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/threat-id-54532/m-p/524891#M697 OtakarKlier 2022-12-22T20:20:12Z