https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44461#M32628 <HTML><HEAD></HEAD><BODY><P>Other things to take into account (if the download actually passed the PA) is if ssl was used or not and if so did you have ssl-decryption enabled?</P><P></P><P><SPAN>If you have a copy of the malicious file you could try to upload it manually to wildfire and see which opinion wildfire has on the file in question (first login to </SPAN><A class="jive-link-external-small" href="https://support.paloaltonetworks.com):">https://support.paloaltonetworks.com):</A></P><P></P><P><A href="https://wildfire.paloaltonetworks.com/" title="https://wildfire.paloaltonetworks.com/">https://wildfire.paloaltonetworks.com/</A></P></BODY></HTML> Thu, 04 Jul 2013 18:12:41 GMT mikand 2013-07-04T18:12:41Z https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44457#M32624 <HTML><HEAD></HEAD><BODY><P><SPAN lang="en"><SPAN class="hps"><BR /></SPAN></SPAN></P><P><SPAN id="result_box" lang="en"><SPAN class="hps">Last week</SPAN> <SPAN class="hps">my client</SPAN> <SPAN class="hps">suffered</SPAN> <SPAN class="hps">a virus</SPAN> <SPAN class="hps">attack</SPAN> <SPAN class="hps">in</SPAN> its <SPAN class="hps">LAN</SPAN> <SPAN class="hps"></SPAN><SPAN class="hps">and we have not</SPAN> <SPAN class="hps">seen anything</SPAN> <SPAN class="hps">in</SPAN> P<SPAN class="hps">alo Alto (monitor threat)</SPAN><SPAN>.</SPAN> <SPAN class="hps">I wanted to know</SPAN> how good is Palo Alto detecting virus and why reasons the PA didnt detect this virus. Anyone has had any similar problem<SPAN class="hps"></SPAN><SPAN>.</SPAN></SPAN></P><P><SPAN lang="en"><SPAN><BR /></SPAN></SPAN></P><P><SPAN lang="en"><SPAN><BR /></SPAN></SPAN></P><P><SPAN id="result_box" lang="en"><SPAN>thanks a lot</SPAN></SPAN></P></BODY></HTML> Thu, 04 Jul 2013 11:09:10 GMT https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44457#M32624 soporteseguridad 2013-07-04T11:09:10Z https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44458#M32625 <HTML><HEAD></HEAD><BODY><P>You can search for the virus that you found with other vendor or etc.. using <A class="active_link" href="https://threatvault.paloaltonetworks.com/" title="https://threatvault.paloaltonetworks.com/">https://threatvault.paloaltonetworks.com/</A></P><P>maybe there is no signature for that or maybe it is false positive for PaloAlto.</P></BODY></HTML> Thu, 04 Jul 2013 11:15:21 GMT https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44458#M32625 Retired Member 2013-07-04T11:15:21Z https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44459#M32626 <HTML><HEAD></HEAD><BODY><P>Maybe virus didn't go through the palo or using a rule with no security profile.</P><P></P><P>v.</P></BODY></HTML> Thu, 04 Jul 2013 12:51:10 GMT https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44459#M32626 VinceM 2013-07-04T12:51:10Z https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44460#M32627 <HTML><HEAD></HEAD><BODY><P>Do you have the traffic logs, and the information about the virus? In cases where the attack could have been a zero day attack, we can use the wildfire functionanlity of the PANFW to report unknown signatures to the cloud, analyze these signatures and determine if they are malicious or not. </P><P></P><P>BR,</P><P>Karthik RP</P></BODY></HTML> Thu, 04 Jul 2013 14:11:08 GMT https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44460#M32627 kprakash 2013-07-04T14:11:08Z https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44461#M32628 <HTML><HEAD></HEAD><BODY><P>Other things to take into account (if the download actually passed the PA) is if ssl was used or not and if so did you have ssl-decryption enabled?</P><P></P><P><SPAN>If you have a copy of the malicious file you could try to upload it manually to wildfire and see which opinion wildfire has on the file in question (first login to </SPAN><A class="jive-link-external-small" href="https://support.paloaltonetworks.com):">https://support.paloaltonetworks.com):</A></P><P></P><P><A href="https://wildfire.paloaltonetworks.com/" title="https://wildfire.paloaltonetworks.com/">https://wildfire.paloaltonetworks.com/</A></P></BODY></HTML> Thu, 04 Jul 2013 18:12:41 GMT https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44461#M32628 mikand 2013-07-04T18:12:41Z https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44462#M32629 <HTML><HEAD></HEAD><BODY><P><A __default_attr="5454" __jive_macro_name="user" class="jive_macro jive_macro_user" data-objecttype="3" href="https://live.paloaltonetworks.com/"></A> can you please reply? You had a few different people who have had the courtesy of asking you for more information in this thread that you started who are trying to help you...</P></BODY></HTML> Fri, 26 Jul 2013 00:09:03 GMT https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44462#M32629 ericgearhart 2013-07-26T00:09:03Z https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44463#M32630 <HTML><HEAD></HEAD><BODY><P>DOS protection and Zone protection is typically applied for attacks.</P><P>Make sure to apply DOS protection to the security rule.</P><P>Zone protection profile needs to be assigned to respective Zone.</P><P></P><P>Make sure the content is uptodate and security rules are using AV, Vulnerability profile.</P><P></P><P>If you find some virus which was not covered, pcaps/relevant URLs can be submitted to add the coverage.</P><P></P><P>Wildfire can be configured which can help us identify the suspicious traffic.</P></BODY></HTML> Fri, 26 Jul 2013 19:35:10 GMT https://live.paloaltonetworks.com/t5/general-topics/how-palo-alto-detect-virus/m-p/44463#M32630 ukhapre 2013-07-26T19:35:10Z