Advanced Threat Prevention Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Samba Out-of-Bounds Heap R/W Remote Code Execution (RCE) Vulnerability (CVE-2021-44142)

Hi All,

I would like to know if PAN-OS is affected by the Samba Out-of-Bounds Heap R/W Remote Code Execution (RCE) Vulnerability (CVE-2021-44142) and if they are what actions need to be taken.

We are running 9.1.11-h3 on PA-Firewall and 8.1.15 Panoram

...

Vulnerability

Missing Secure Flag From SSL Cookie.
TLS/SSL Server Is Using Commonly Used Prime Numbers.

we need remediation of the vulnerability

Hello I was looking into an pan threat on the logs I noticed that I Abnormal traffic is being detected does anyone have any ideas to minimize the threat or Best Practices or more possible features I can add to the Panorama

Thanks

Block High Risk TLDs

Hi All,

I want to start blocking 'high risk' top level domains within PAN-OS. Has anyone else done this successfully?

I presume the following should work based on PAN-OS RegEX:

URL Category:

*.eg/

*.ex/

etc....

Set URL Category to 'Block' within exist

...

Threat Log False Positives

Hi,

In short - I'm looking to a way to identify false positives.

My organisation's anti virus profiles within our Palo NGFWs are detecting multiple generic threats of a 'medium' level and blocking them. I'm trying to determine whether any of these ar

...

Minemeld & Log4j

Hello

Is Minemeld affected by Log4j?

I see Palo's Security Advisories about Log4j (https://security.paloaltonetworks.com/CVE-2021-44228) - but there is no Minemeld in it.

Is anybody out there, who can answer this?

thanks

roger

Pros & Cons to Blocking Java Files, and Which Ones to Block

Hey guys,

I've inherited a ruleset that is blocking Java CLASS file downloads, but not Java JAR files. I am not a Java developer and have very limited knowledge of the particulars relating to these files as potential threat vectors. But I have seen n

...

Resolved! URL Filtering malware alert ciscobinary.openh264.org false positive?

Hi, everyone,

Today since 4:44 p.m. we have these malware entries in the URL Filtering Monitor.

The strange thing is, when I look for the ZIP file in the Data Filtering Monitor, this ZIP file has been logged there for weeks.

Is that a false positive me

...

Resolved! Palo Alto Firewall Actions

Hi folks, I am not much familiar with palo alto logs as we're getting logs in siem console in which event name is url filtering and action for this event is allow so can someone please shed some light on this issue?

Resolved! Trying to identify a threat by host contact attempts

All,

We're trying to track down some weirdness being reported by our Panorama instance. Every night around the same time we see some traffic from our central DNS server get sinkholed because it's a "Suspicious DNS Query". We're working in parallel

...

Log4j vulnerability

Hi Team,

How to fix mitigate Log4j vulnerability in Palo Alto Firewall.

Kindly share how can we check whether our product infected and how to overcome from this vulnerability.

Thanks.

Host Sweep

Our Zone Protection | Hoist Sweep configuration was blocking Internet connections on some local hosts due to enabled "News and Interests" Windows 10 Toolbar. I hope this helps with troubleshooting.

Resolved! Change Default Action of a set of threat

Hello,

My customer ask me to change the default action of several threats.
I'm not able to see an Id that I can use to group some threat with the same action on the same rule.
For ex.
PHP Vulnerability scanning Detection (Default :Alert) I have to set to

...

Adobe-Creative Cloud WildFire Virus alerts.

Hi,

Since this morning June 17/2020 I have been getting Virus alerts in the Threat log. It has pointed out that ProxyResolverWin7.dll is the culprit.

I went to a few machines and searched for ProxyResolverWin7.dll and uploaded it to VirusTotal. All c

...

Apache Log4j Vulnerability -- Wildfire vrs update to Application and Threat content update 8502

maybe question i should ask myself after cup of morning coffee.

Hope you can help...

I see recommendation for Next Gen firewall: (Application and Threat content update 8502)

Next-Generation Firewalls or Prisma Access with a Threat Prevention security su

...

Discussions

Welcome to the Threat & Vulnerability Discussions!

Rules and Best Practices

Resolved! Samba Out-of-Bounds Heap R/W Remote Code Execution (RCE) Vulnerability (CVE-2021-44142)

Vulnerability

Abnormal SSL traffic on 443

Block High Risk TLDs

Threat Log False Positives

Minemeld & Log4j

Pros & Cons to Blocking Java Files, and Which Ones to Block

Resolved! URL Filtering malware alert ciscobinary.openh264.org false positive?

Resolved! Palo Alto Firewall Actions

Resolved! Trying to identify a threat by host contact attempts

Log4j vulnerability

Host Sweep

Resolved! Change Default Action of a set of threat

Adobe-Creative Cloud WildFire Virus alerts.

Apache Log4j Vulnerability -- Wildfire vrs update to Application and Threat content update 8502

Upgrade from Basic Threat Prevention to Advanced Threat Prevention

PAN-OS logs

Are there signature release for following vulnerabilities?

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Unlock your full community experience!

Rules and Best Practices

Resolved! Samba Out-of-Bounds Heap R/W Remote Code Execution (RCE) Vulnerability (CVE-2021-44142)

Resolved! URL Filtering malware alert ciscobinary.openh264.org false positive?

Resolved! Palo Alto Firewall Actions

Resolved! Trying to identify a threat by host contact attempts

Resolved! Change Default Action of a set of threat