topic Re: How to detect the virus came from which ip in Advanced Threat Prevention Discussions https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-detect-the-virus-came-from-which-ip/m-p/243532#M478 <P>If you've implemented DNS sinkhole Anti-Spyware protection in your firewall, hosts attempting to hit the sinkhole IP would be those trying to communicate&nbsp;through command-and-control, so it can help pinpoint the infections. You can also look for entries in the Threat logs for Anti-spyware signatures (that are not DNS based) to see if you can spot any malicious activity.</P> <P>If you have Traps and Magnifier, you may also be able to detect behavioral anomalies which can help pinpoint the infected hosts.</P> Mon, 17 Dec 2018 18:18:32 GMT mivaldi 2018-12-17T18:18:32Z How to detect the virus came from which ip https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-detect-the-virus-came-from-which-ip/m-p/243472#M477 <P>several servers in Data Center are affected by a virus but I am unable to pin point the source. Can anyone assist?</P> Mon, 17 Dec 2018 12:03:48 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-detect-the-virus-came-from-which-ip/m-p/243472#M477 Admin_Network 2018-12-17T12:03:48Z Re: How to detect the virus came from which ip https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-detect-the-virus-came-from-which-ip/m-p/243532#M478 <P>If you've implemented DNS sinkhole Anti-Spyware protection in your firewall, hosts attempting to hit the sinkhole IP would be those trying to communicate&nbsp;through command-and-control, so it can help pinpoint the infections. You can also look for entries in the Threat logs for Anti-spyware signatures (that are not DNS based) to see if you can spot any malicious activity.</P> <P>If you have Traps and Magnifier, you may also be able to detect behavioral anomalies which can help pinpoint the infected hosts.</P> Mon, 17 Dec 2018 18:18:32 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-detect-the-virus-came-from-which-ip/m-p/243532#M478 mivaldi 2018-12-17T18:18:32Z Re: How to detect the virus came from which ip https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-detect-the-virus-came-from-which-ip/m-p/303756#M711 <P>Did you find that something on threat logs?</P> Sat, 14 Dec 2019 19:39:06 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-detect-the-virus-came-from-which-ip/m-p/303756#M711 MP18 2019-12-14T19:39:06Z