https://live.paloaltonetworks.com/t5/advanced-threat-prevention/vulnerability-and-spyware-showing-in-monitor-need-to-check-its/m-p/426969#M1269 <P>Hi,</P><P>Please suggest.</P><P>DCS-2530L Unauthenticated Information Disclosure Vulnerability&nbsp; :- Action- reset both</P><P>ZGrab Application Layer Scanner Detection :-&nbsp;:- Action-&nbsp; alert</P><P>name-of-threatid eq 'generic:in-page-push.com :- Action :-&nbsp;sinkhole</P><P>Zeroshell Remote Command Execution Vulnerability&nbsp; :- Action- reset both</P><P>&nbsp;</P> Mon, 16 Aug 2021 06:29:00 GMT sureshukkalkar 2021-08-16T06:29:00Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/vulnerability-and-spyware-showing-in-monitor-need-to-check-its/m-p/426908#M1267 <P><SPAN>vulnerability and spyware showing in monitor need to check its blocked from PA or not and need more clarity on same</SPAN></P> Sun, 15 Aug 2021 10:52:43 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/vulnerability-and-spyware-showing-in-monitor-need-to-check-its/m-p/426908#M1267 sureshukkalkar 2021-08-15T10:52:43Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/vulnerability-and-spyware-showing-in-monitor-need-to-check-its/m-p/426953#M1268 <P>The threat logs will show what action has been taken.Can you pls elaborate what your issue is? Do you wish to block the threats?</P><P>&nbsp;</P> Mon, 16 Aug 2021 05:29:06 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/vulnerability-and-spyware-showing-in-monitor-need-to-check-its/m-p/426953#M1268 rubber_ducky 2021-08-16T05:29:06Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/vulnerability-and-spyware-showing-in-monitor-need-to-check-its/m-p/426969#M1269 <P>Hi,</P><P>Please suggest.</P><P>DCS-2530L Unauthenticated Information Disclosure Vulnerability&nbsp; :- Action- reset both</P><P>ZGrab Application Layer Scanner Detection :-&nbsp;:- Action-&nbsp; alert</P><P>name-of-threatid eq 'generic:in-page-push.com :- Action :-&nbsp;sinkhole</P><P>Zeroshell Remote Command Execution Vulnerability&nbsp; :- Action- reset both</P><P>&nbsp;</P> Mon, 16 Aug 2021 06:29:00 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/vulnerability-and-spyware-showing-in-monitor-need-to-check-its/m-p/426969#M1269 sureshukkalkar 2021-08-16T06:29:00Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/vulnerability-and-spyware-showing-in-monitor-need-to-check-its/m-p/427044#M1270 <P>You can check the below url for more clarity on the different actions that Palo Alto takes on a traffic.</P><P><A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-security-profiles/actions-in-security-profiles.html" target="_blank">https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-security-profiles/actions-in-security-profiles.html</A></P><P>&nbsp;</P><P>For you to decide if you need to block any threat, you should be able to double check by analysing the Src/Dst IPs to see if the traffic is valid in your environment.</P><P>Incase of url, doble check the url.&nbsp; Please DO ALWAYS check if you are seeing any false positves.</P><P>You can create security policy to completely block these Ips, if they are really threats. If you feel the src and dst are valid then Palo Alto may be blocking genuine traffic. You may need to exclude the IPs in the threat signature.</P><P>Click on the magnifying glass in the threat logs to view more details.</P> Mon, 16 Aug 2021 10:12:13 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/vulnerability-and-spyware-showing-in-monitor-need-to-check-its/m-p/427044#M1270 rubber_ducky 2021-08-16T10:12:13Z