https://live.paloaltonetworks.com/t5/general-topics/invalid-threat-id-number-next-steps/m-p/47028#M34569 <HTML><HEAD></HEAD><BODY><P>In the threat logs, the PAN is detecting a virus for internal traffic, server to client, but the threat id doesn't match anything in the threat vault, 1 number too short, 253879. What's the best way to identify if the threat is legitimate, not a false positive? application = ms-ds-smb, url LogoinScript.VBS </P></BODY></HTML> Tue, 20 Aug 2013 00:14:56 GMT tstores 2013-08-20T00:14:56Z https://live.paloaltonetworks.com/t5/general-topics/invalid-threat-id-number-next-steps/m-p/47028#M34569 <HTML><HEAD></HEAD><BODY><P>In the threat logs, the PAN is detecting a virus for internal traffic, server to client, but the threat id doesn't match anything in the threat vault, 1 number too short, 253879. What's the best way to identify if the threat is legitimate, not a false positive? application = ms-ds-smb, url LogoinScript.VBS </P></BODY></HTML> Tue, 20 Aug 2013 00:14:56 GMT https://live.paloaltonetworks.com/t5/general-topics/invalid-threat-id-number-next-steps/m-p/47028#M34569 tstores 2013-08-20T00:14:56Z https://live.paloaltonetworks.com/t5/general-topics/invalid-threat-id-number-next-steps/m-p/47029#M34570 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you&nbsp; share your login scripts with us, we will be able to verify the false positive/negative test for it. Also wanted to know, is the file passing through the PANFW while you are logging into the machine..? </P><P></P><P>Thanks</P></BODY></HTML> Tue, 20 Aug 2013 00:46:28 GMT https://live.paloaltonetworks.com/t5/general-topics/invalid-threat-id-number-next-steps/m-p/47029#M34570 HULK 2013-08-20T00:46:28Z