https://live.paloaltonetworks.com/t5/general-topics/data-filter-blocking-suspicious-downloads/m-p/40216#M29502 <HTML><HEAD></HEAD><BODY><P> For data filtering we set a rule to alert for certain downloads (such as .bat, .exe, etc).&nbsp; In the monitor log, all alerts are listed as LOW severity.&nbsp; I have noticed a pattern where a workstation shows a suspicious download such as game.exe or abyzdew.exe (random letters in name) and then starts showing outbound spyware or virus messages.&nbsp; My deduction is the download was some type of malware.</P><P></P><P>Is there a way to have the files being downloaded scanned for malware and alerted in the data filter tab?&nbsp; What is the purpose of the severity column in the data filtering tab as it relates to the "FILE" type of data filter and why does it always show as low.</P><P></P><P>Thanks.</P><P>Crill</P></BODY></HTML> Tue, 02 Nov 2010 12:43:20 GMT merrydc 2010-11-02T12:43:20Z https://live.paloaltonetworks.com/t5/general-topics/data-filter-blocking-suspicious-downloads/m-p/40216#M29502 <HTML><HEAD></HEAD><BODY><P> For data filtering we set a rule to alert for certain downloads (such as .bat, .exe, etc).&nbsp; In the monitor log, all alerts are listed as LOW severity.&nbsp; I have noticed a pattern where a workstation shows a suspicious download such as game.exe or abyzdew.exe (random letters in name) and then starts showing outbound spyware or virus messages.&nbsp; My deduction is the download was some type of malware.</P><P></P><P>Is there a way to have the files being downloaded scanned for malware and alerted in the data filter tab?&nbsp; What is the purpose of the severity column in the data filtering tab as it relates to the "FILE" type of data filter and why does it always show as low.</P><P></P><P>Thanks.</P><P>Crill</P></BODY></HTML> Tue, 02 Nov 2010 12:43:20 GMT https://live.paloaltonetworks.com/t5/general-topics/data-filter-blocking-suspicious-downloads/m-p/40216#M29502 merrydc 2010-11-02T12:43:20Z https://live.paloaltonetworks.com/t5/general-topics/data-filter-blocking-suspicious-downloads/m-p/40217#M29503 <HTML><HEAD></HEAD><BODY><P></P><P>&gt;For data filtering we set a rule to alert for certain downloads (such as .bat, .exe, etc).&nbsp; In the monitor log, all alerts are listed as LOW &gt;severity.&nbsp; I have noticed a pattern where a workstation shows a suspicious download such as game.exe or abyzdew.exe (random letters &gt;in name) and then starts showing outbound spyware or virus messages.&nbsp; My deduction is the download was some type of malware.</P><P> &gt;Is there a way to have the files being downloaded scanned for malware and alerted in the data filter tab?&nbsp; What is the purpose of the</P><P></P><P>Downloaded files will be scanned for malware through antivirus profile (Objects-&gt;Security Profiles -&gt; Antivirus). Corresponding logs are generated in 'Threat' Log. If you click on the log, it will also show corresponding logs for the 'same' session from different log databases e.g, if a file blocking profile also got triggered on the file, you will see that log when you click on the virus log in the threat log.</P><P></P><P>&gt;severity column in the data filtering tab as it relates to the "FILE" type of data filter and why does it always show as low.</P><P></P><P>Currently, all file blocking logs show up as 'low' severity. Let me know if you have some suggestions on how you would like to see this in a future release (Also, please work through your Sales Engineer/Reseller to have them open a feature request for better tracking). </P><P></P><P>Let me know if you have any further questions,</P><P></P><P>Thanks,<BR />Sandeep </P><P></P><P>&gt;Thanks.</P><P>&gt;Crill</P></BODY></HTML> Tue, 02 Nov 2010 17:54:24 GMT https://live.paloaltonetworks.com/t5/general-topics/data-filter-blocking-suspicious-downloads/m-p/40217#M29503 migration 2010-11-02T17:54:24Z