Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4170 Views
  • 0 replies
  • 0 Likes

Adobe-Creative Cloud WildFire Virus alerts.

Hi, Since this morning June 17/2020 I have been getting Virus alerts in the Threat log. It has pointed out that ProxyResolverWin7.dll is the culprit. I went to a few machines and searched for ProxyResolverWin7.dll and uploaded it to VirusTotal. All came back clean. I then ran a malware scan (Cortex) on a few machines and again it came back clean...

Apache Log4j Vulnerability -- Wildfire vrs update to Application and Threat content update 8502

Maybe a question I should ask myself after a cup of morning coffee. Hope you can help... I see a recommendation for Next Gen firewall: (Application and Threat content update 8502) Next-Generation Firewalls or Prisma Access with a Threat Prevention security subscription can automatically block sessions related to this vulnerability using Threat IDs.91991,...

URL Blocking not working

Hello. Can anyone explain why this doesn't work? I added misoft5.s3.us-east-2.amazonaws.com and misoft5.s3.us-east-2.amazonaws.com/* to my blocked URL list. If I type in misoft5.s3.us-east-2.amazonaws.com in a browser I get the BLOCKED page. All is well. But the users are clicking on a bad link, https://misoft5.s3.us-east-2.amazonaws.com/login.mcrs0f...

Firewall is allowing certain packets through different policy in URL based traffic blocking scenario

Hi Team, We had configured an EDL today with a URL list and created a security policy and applied it for a specific source IP address. We had tried to access a URL in the EDL list and the website is not loading on the PC. When checking the Traffic logs with source and destination IP some traffic is being blocked through the desired policy. But some...

Threat ID 52019

Hi, I'm trying to get some information on "Threat ID 52019", as I found only 1 document referencing it in the Palo Alto Knowledge Base. The information provided does not describe it. Is there a way to get more information on this? FYI, I don't have access to Threat Vault. Thanks!

ppradhan by L0 Member
  • 5078 Views
  • 3 replies
  • 0 Likes

Minemeld alternative

Hello, one of our customers is dependent on their partner for Minemeld EDL. The partner is hosting the Minemeld server, and now our customer is planning to build their own Minemeld. As Minemeld is no longer supported by PAN and is purely an open source support product, what would be the best alternative and cost effective approach for the customer ...

malware.azjf C2 traffic

Hi, I am seeing a lot of traffic being identified as malware.azjf C2 traffic over the last couple of days since the last threat update. I have noticed a pattern that users are visiting WordPress websites that use the owl carousel plugin, and checking these sites on VT they come up clean, so it appears to be a false positive. Is anyone else aware of thi...

NetBIOS in today's world

Hi Community, I'm curious about your opinions on NetBIOS traffic. I'm aware that you can disable NetBIOS per interface via ncpa.cpl or via DHCP options. With typical customers and current systems, you still see NetBIOS connections between Windows systems. Can anyone tell me if that is really necessary in today's Windows world? Are there security ...

Chacko42 by L4 Transporter
  • 4173 Views
  • 2 replies
  • 0 Likes

Content-ID - Hold Client Request

Hi All, I'm curious to know how many of you have implemented the URL Filtering best practise, Content-ID - 'Hold client request for category lookup' feature? This feature is of particular interest to me because without this feature, the logs of other systems can be skewed if the session is initially permitted. What is the recommended setting for...

Josh990 by L2 Linker
  • 3398 Views
  • 0 replies
  • 0 Likes

Palo Alto Firewall Swap Problem appliance is 100% (fully utilized)

Hello Team, we faced a problem as follows:

(active)> show system resources
top - 08:06:55 up 277 days, 16:43, 1 user, load average: 0.21, 0.14, 0.14
Tasks: 124 total, 3 running, 120 sleeping, 0 stopped, 1 zombie
%Cpu(s): 3.4 us, 1.6 sy, 0.2 ni, 94.7 id, 0.0 wa, 0.0 hi, 0.1 si, 0.0 st
KiB Mem : 3849884 total, 506592 free, 1731652 ...

How to block a specific file with hash value?

Hi Guys, I am using a pair of PA820 with TP, URL Scan and WF. I received a list of hash values from my Authority but couldn't find any hits on VirusTotal. Without doubting my big boss, I wanted to manually block it in the firewall but could not find a means to do so, any kind soul can give me a pointer? Sample of the file as below MD5: 13d28c1f9...

  • 545 Posts
  • 78 Subscriptions