Advanced Threat Prevention Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! IP Geo location issues Apps & Threats update v8559-7361?

Hi,

Since we have installed Apps & Threats update v8559-7361 we see that multiple ip address spaces are incorrect categorized.
Before the upgrade those ip address spaces where categorized as US and after the upgrade categorized as CN (China)

Is it poss

...

Discrepancies in Prisma Vulnerability Scan Report

We are frequently getting discrepancies between our Prisma report and the Client's Prisma Report.

Our one of the customers getting more critical and our Prisma scan report is not even detecting them. I have attached both reports with this mail, pleas

...

Known issue (PAN-202288 & PAN-206672)

Kindly provide the brief about Known issue (PAN-202288 & PAN-206672)

Palo Alto Firewall CVE-2022-2884

Hi,

Does anyone know if GitLab Remote Command Execution Vulnerability is covered with Palo Alto AV Signature?

Is Palo Alto affected by it?

I was not able to find it in their Security Advisories.

Vulnerability Details:

Title

GitLab Remote Comman

...

EDL - Talos block list

I have various EDLs setup on various different PA models. Some work, and populate the list with IP's and effectively block in security policies. However, for Cisco Talos block list, it just will not work:

http://www.talosintelligence.com/feeds/ip-fi

...

Resolved! CVE-2022-00028

Hi all,

I wanted to ask CVE-2022-0028 Pan-os:Reflected amplification dow vulnerability in URL filtering Will still affect my environment if i am using separate PROXY SERVER(Forcepoint proxy) for url filtering purpose?

Palo alto url filtering is

...

Vulnerability: Microsoft Windows RPC Encrypted Data Detected Mean???

hi;

How to remove this message: Microsoft Windows RPC Encrypted Data Detected from a windows 10 computer that palo alto always report this type of thread???

Whats mean Microsoft Windows RPC Encrypted Data Detected???

Resolved! CVE-2022-36067 (Protection against JavaScript Sandbox RCE) is it cover in any Palo Alto Signature

Just want to know CVE-2022-36067 is it cover in any Palo Alto Signature ?

I tried to search it in Threat Vault and Security Advisories also do not have information related to this CVE is that means Palo Alto firewall will not detect this vulnerabili

...

Resolved! Vulnerability protection

I am going to activate a profile with vulnerability protection enabled.

I have many rules without TP profile that I need to enable, but I want to know if the firewall can handle them.

What is the best way to calculate how much CPU load the TP adds to

...

SSH protocol uses Weak key exchange algorithms in PA 500 for PAN OS 8.1.14

Hi Team ,

PA 500 with 8.1.14 (latest OS ) is having the Vulnerability SSH protocol uses Weak key exchange algorithms. I understand we can change algorithm values with set deviceconfig system ssh kex to stronger algorithm post 9.0 unfortunately PA

...

Threat ID in the ranges between 8700-8799, Packet Based Attacks Protections in "Zone Protection" profiles

My customer is worry for log about threat id 8725.

this log is no impact on this device?

I know this is the expected behavior. Exceptions for these signatures are not to be found under the "Vulnerability Protection Profile".

License issue

Hi all,

In my Pa-220 box we have not purchased license of advance threat prevention but its still showing me in the license tab and and its also showing as expired license of (ATP) , the firewall is in ha but on passive one everything is correct,

...

not-resolved URL for s3.us-central-1.wasabisys.com

,

Could you help me see why the s3.us-central-1.wasabisys.com comes back as a not-resolved category and is a threat?

False positive - Threat ID 86672 - NewPOSThing Command and Control Traffic Detection

Has anyone seen critical alerts for this threat? It was added as a new signature yesterday in Apps&Threats release 8626-7624. We immediately had an alert for it for traffic to hxxps://www.riddle.com/ws/connect/5 So far it looks like a false positive

...

Resolved! Microsoft Exchange zero-day 2022

According to below link Microsoft Exchange have expose to new vulnerability again . I am using Palo Alto firewall PAN-OS 9.1.14 may I know Palo Alto firewall is able to detect this vulnerability ? and where to check it since I do not have CVE number.

...

Discussions

Welcome to the Threat & Vulnerability Discussions!

Rules and Best Practices

Resolved! IP Geo location issues Apps & Threats update v8559-7361?

Discrepancies in Prisma Vulnerability Scan Report

Known issue (PAN-202288 & PAN-206672)

Palo Alto Firewall CVE-2022-2884

EDL - Talos block list

Resolved! CVE-2022-00028

Vulnerability: Microsoft Windows RPC Encrypted Data Detected Mean???

Resolved! CVE-2022-36067 (Protection against JavaScript Sandbox RCE) is it cover in any Palo Alto Signature

Resolved! Vulnerability protection

SSH protocol uses Weak key exchange algorithms in PA 500 for PAN OS 8.1.14

Threat ID in the ranges between 8700-8799, Packet Based Attacks Protections in "Zone Protection" profiles

License issue

not-resolved URL for s3.us-central-1.wasabisys.com

False positive - Threat ID 86672 - NewPOSThing Command and Control Traffic Detection

Resolved! Microsoft Exchange zero-day 2022

PAN-OS logs

Are there signature release for following vulnerabilities?

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Wildfire False Positive for THREAT-ID 614284446

Unlock your full community experience!

Rules and Best Practices

Resolved! IP Geo location issues Apps & Threats update v8559-7361?

Resolved! CVE-2022-00028

Resolved! CVE-2022-36067 (Protection against JavaScript Sandbox RCE) is it cover in any Palo Alto Signature

Resolved! Vulnerability protection

Resolved! Microsoft Exchange zero-day 2022