https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39178#M28731 <HTML><HEAD></HEAD><BODY><P>using security profiles for related traffic will be fine to secure.</P><P>You Still need to clean the host with a tool.</P><P>There are many 3rd party freeware tools you can find on the web.from details you can also see the vendors</P><P><A href="https://www.virustotal.com/en/file/d2744a38a67fee26410d69d312d80d4802cc5112bfaedc50da8eb9ad7ee43fbe/analysis/" title="https://www.virustotal.com/en/file/d2744a38a67fee26410d69d312d80d4802cc5112bfaedc50da8eb9ad7ee43fbe/analysis/">https://www.virustotal.com/en/file/d2744a38a67fee26410d69d312d80d4802cc5112bfaedc50da8eb9ad7ee43fbe/analysis/</A></P></BODY></HTML> Mon, 03 Nov 2014 10:06:13 GMT Retired Member 2014-11-03T10:06:13Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39171#M28724 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P>On PAN's Monitor tab i've noticed that one of our hosts(user's computers) send periodically some packets to 111.111.111.111 and receive any packets.on Application tab it stays incomplete!what is the shit?Did anyone have the problem like this?what can i do for figuring this out? any idea?</P><P></P><P>Huge Thanks</P><P><BR />Tigran</P></BODY></HTML> Mon, 03 Nov 2014 09:28:55 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39171#M28724 TigranGevorgyan 2014-11-03T09:28:55Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39172#M28725 <HTML><HEAD></HEAD><BODY><P>Hi Tigran,</P><P></P><P>Incomplete means that either the three way TCP handshake did NOT complete or the three way TCP handshake did complete but there was no data after the handshake to identify the application. In other words that traffic you are seeing is not really an application.</P><P>So to explain a little clearer, if a client sends a server a syn and the Palo Alto device creates a session for that syn, but the server never sends a SYN ACK in response back to the client, then that session would be seen as incomplete. More information can be found here:</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-1549">Incomplete, Insufficient data and Not-applicable in the application field</A></P><P></P><P>In addition , for example virustotal.com can provide you more information about specific IP address:</P><P></P><P><A href="https://www.virustotal.com/en/ip-address/111.111.111.111/information/" title="https://www.virustotal.com/en/ip-address/111.111.111.111/information/">https://www.virustotal.com/en/ip-address/111.111.111.111/information/</A></P></BODY></HTML> Mon, 03 Nov 2014 09:34:28 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39172#M28725 gbogojevic 2014-11-03T09:34:28Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39173#M28726 <HTML><HEAD></HEAD><BODY><P>HI <STRONG style="font-size: 12px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3b3b3b;"><A _jive_internal="true" class="jiveTT-hover-user jive-username-link" data-avatarid="-1" data-externalid="" data-presence="null" data-userid="22331" data-username="gbogojevic" href="https://live.paloaltonetworks.com/people/gbogojevic" style="padding: 0 3px 0 0; font-weight: inherit; font-style: inherit; font-size: 1.1em; font-family: inherit; color: #006595;">gbogojevic</A></STRONG>,</P><P><BR />Thanks for info. I've got all what you said to me, but i don't understand how can i sole this problem? maybe i should scan that computer for viruses?what do you think?</P><P><BR />Huge Thanks</P><P></P><P>Tigran</P></BODY></HTML> Mon, 03 Nov 2014 09:41:29 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39173#M28726 TigranGevorgyan 2014-11-03T09:41:29Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39174#M28727 <HTML><HEAD></HEAD><BODY><P>There seems to be a malware on the host.</P></BODY></HTML> Mon, 03 Nov 2014 09:42:55 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39174#M28727 Retired Member 2014-11-03T09:42:55Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39175#M28728 <HTML><HEAD></HEAD><BODY><P>Hi Tigran,</P><P><BR />Yes, you should scan the local computer. In addition, you can apply security profile (antivirus, antispyware, vulnerability and URL profile)&nbsp; to the security policy that matches traffic from that specific host.</P></BODY></HTML> Mon, 03 Nov 2014 09:47:36 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39175#M28728 gbogojevic 2014-11-03T09:47:36Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39176#M28729 <HTML><HEAD></HEAD><BODY><P>Hi Panos,</P><P><BR />I also think so. what kind of programs or ativiruses do you advise to use in such situations?</P><P><BR />Thanks</P></BODY></HTML> Mon, 03 Nov 2014 09:49:23 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39176#M28729 TigranGevorgyan 2014-11-03T09:49:23Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39177#M28730 <HTML><HEAD></HEAD><BODY><P>ok, Understood</P><P></P><P>Thank you so much.</P></BODY></HTML> Mon, 03 Nov 2014 09:51:54 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39177#M28730 TigranGevorgyan 2014-11-03T09:51:54Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39178#M28731 <HTML><HEAD></HEAD><BODY><P>using security profiles for related traffic will be fine to secure.</P><P>You Still need to clean the host with a tool.</P><P>There are many 3rd party freeware tools you can find on the web.from details you can also see the vendors</P><P><A href="https://www.virustotal.com/en/file/d2744a38a67fee26410d69d312d80d4802cc5112bfaedc50da8eb9ad7ee43fbe/analysis/" title="https://www.virustotal.com/en/file/d2744a38a67fee26410d69d312d80d4802cc5112bfaedc50da8eb9ad7ee43fbe/analysis/">https://www.virustotal.com/en/file/d2744a38a67fee26410d69d312d80d4802cc5112bfaedc50da8eb9ad7ee43fbe/analysis/</A></P></BODY></HTML> Mon, 03 Nov 2014 10:06:13 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39178#M28731 Retired Member 2014-11-03T10:06:13Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39179#M28732 <HTML><HEAD></HEAD><BODY><P>Hi Panos,</P><P><BR />I've observed <A class="loading" href="https://www.virustotal.com/en/file/d2744a38a67fee26410d69d312d80d4802cc5112bfaedc50da8eb9ad7ee43fbe/analysis/">https://www.virustotal.com/en/file/d2744a38a67fee26410d69d312d80d4802cc5112bfaedc50da8eb9ad7ee43fbe/analysis/</A></P><P>this link and have a question.From Up come Antiviruses which Resulsts are in red colour, and then Antiviruses which results are in Green.</P><P></P><P>As i understand for example </P><TABLE class="table table-striped" style="margin-bottom: 20px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;"><TBODY><TR style="border: 0px;"><TD class="ltr" style="padding: 8px; border: 0px; background-color: #f9f9f9;">Ad-Aware</TD><TD class="ltr text-red" style="padding: 8px; border: 0px; background-color: #f9f9f9; color: #b40c1a !important;">Gen:Trojan.Heur.GM.050005010A</TD></TR></TBODY></TABLE><P>This Antivirus can't fixed this&nbsp; <SPAN style="color: #b40c1a; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; background-color: #f9f9f9;">Gen:Trojan.Heur.GM.050005010A trojan virus.</SPAN></P><P><SPAN style="color: #b40c1a; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; background-color: #f9f9f9;"><BR /><BR /><BR /></SPAN><BR />and Avast for example is up to date and can fix all viruses.</P><P><BR />am i right?I use Avast, hope it'll help.</P><P><BR />Huge thanks</P></BODY></HTML> Wed, 05 Nov 2014 12:28:46 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39179#M28732 TigranGevorgyan 2014-11-05T12:28:46Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39180#M28733 <HTML><HEAD></HEAD><BODY><P>That was an example for a file which makes traffic to 111.111.111.111</P><P></P><P>if it is green then it cannot detect that trojan</P><P>As you see top Detection ratio: 8 / 54</P></BODY></HTML> Wed, 05 Nov 2014 13:08:09 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39180#M28733 Retired Member 2014-11-05T13:08:09Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39181#M28734 <HTML><HEAD></HEAD><BODY><P>As i understand, i should use the one of the top 8 Antiviruses to detect that trojan, am i correct?</P></BODY></HTML> Wed, 05 Nov 2014 13:13:24 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39181#M28734 TigranGevorgyan 2014-11-05T13:13:24Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39182#M28735 <HTML><HEAD></HEAD><BODY><P>for that malware and for that update version yes.Maybe with a new update others will also see that file.Or maybe it is a false positive.</P></BODY></HTML> Wed, 05 Nov 2014 13:21:51 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39182#M28735 Retired Member 2014-11-05T13:21:51Z https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39183#M28736 <HTML><HEAD></HEAD><BODY><P>Ok, Thanks</P></BODY></HTML> Wed, 05 Nov 2014 13:28:16 GMT https://live.paloaltonetworks.com/t5/general-topics/i-ve-noticed-an-incomplate-request-to-111-111-111-111/m-p/39183#M28736 TigranGevorgyan 2014-11-05T13:28:16Z