False Positive

Hello,

Please fix false positive detection: 

https://www.virustotal.com/gui/file/5259f523e41ffa42af0753df4c020f911a585b311c3267f17703c14920a352b8?nocache=1

Thank you!

Open port 9339 - CVE-2016-2183

Hi,

After the update PA to version 11.1.0 (currently we are using version 11.1.1 but the problem still exists), Nessus discovered open TCP port 9339 and alerted about vulnerability SWEET32 (screen attached below).

It is weird, because port 9339 is u

Update PAN-OS 11.1.0 to 11.2.1?

Hi all -

With regard to CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect and other issues, our PA-820 is running PAN- OS 11.1.0, should it be updated to PAN-OS 11.2.1?

Thank you

Container Base images

In Prisma cloud how do i track base images. that is the know who is using the defined base images and who is not using them. like can i get a list of all containers leveraging the defined base images? 

False Positive: Virus/Win32.WGeneric.eefmlb on stream.x64.x-none.dat

Started getting false positives on our SCCM server after a repackaging of Microsoft Office 365 source, looks to be specifically on the data file for Microsoft Stream client. VirusTotal comes up clean.

Azure Microsoft Defender Security Warnings

Recently Microsoft Defender for Cloud has started reporting various files in our palo alto as malware. The most recent one today is hdd/mfa1z5om.aa2/tmp and hdd/mfa1z5om.aa2/usr/sbin as Trojan:Linux/Casdet!rfn. There have been daily alerts with vario

AcrobatDCx64Manifest3.msi from Akamai 23.200.196.138 detected as ml-virus

VA issue

Is there anyway to solve those VA issue?

1) 90317 - SSH Weak Algorithms Supported

2) 42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)

3) 70658 - SSH Server CBC Mode Ciphers Enabled

4) 71049 - SSH Weak MAC Algorithms Enabled

Kindly help plea

Can you setup a failure grace period for CI image scans based on first found date

I'm looking for a way to set a failure grace period for CI image scans based on the first found date. I see in the rulesets you can set a failure grace period based on the first fix date. 

For example, if we were to set an expectation that any high

Threat Prevention Rules, Exceptions, Default Actions Precedence

I want to confirm the order of precedence for security profile rules, default actions, and exceptions.  For example, the default action for the SSH User Authentication Brute Force Attempt threat is alert.  However, the threat profile rule associated

Many threats for DNS blocklists fresh.fmb.la and support-intelligence.net

Two DNS blocklists used by standard SpamAssassin 4.0 have many Palo Alto threat IDs for wildfire, malware and phishing. Blocklists are not phishing sites but give back DNS values to decide if should be blocked by mailservers or not. Especially needed