Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating. Rules and Best Practices: Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4170 Views
  • 0 replies
  • 0 Likes

Malicious signature "Virus/Win32.WGeneric.bjpxbe" detected on Cortex XDR

Hi, Malicious signature "Virus/Win32.WGeneric.bjpxbe" is detected on Cortex XDR. When dwelled further, details & screen grab from THREAT VAULT are shared for your perusal. Unique Threat ID: 422569341. SHA256 values are (09fb42aa3d9fcb32e2dab5f9e614a1975eac3324647becbb2f703505048c7aaf and c42276b3b59e61e55fdee93223708f0a12...

Resolved! DNS Security

Hello, Is there any way to turn off the following information after commit on 9.0.1 with an Anti-Spyware Profile attached to a Security Policy? I can't delete the Palo Alto Networks DNS Security option from the Anti-Spyware Profile. Warnings: Warning: No Valid DNS Security License(Module: device) Lukasz

lcelinski by L1 Bithead
  • 30576 Views
  • 11 replies
  • 3 Likes

Vulnerability CVE 2021-3050

Hey guys, one of my clients wants the POA (Plan of Action) for this vulnerability. What should I check in the firewall? I checked the traffic WAN to WAN; the security profiles are attached properly, but the management IP is private and I access the firewall by the public. Is there any command through the CLI to enable the threat ID given in the as the resolved...

Latest DDoS attack related issue on Palo Alto

Hey guys, one of my clients has a concern about the security patch. He has a PA-820 and a PA-220. The new DDoS attack is there; its ID is CIAD-2021-0030 https://clicktime.symantec.com/3QdtY9QLh9kb4B5ny33Z2KD7Vc?u=https%3A%2F%2Fwww.cert-in.org.in%2F Please check whether the Palo Alto firewall is capable of handling this attack. Does Palo Alto have this security pa...

How to enable signature of Unique threat ID

Hello guys, hope you are doing well. I had one question: this vulnerability is resolved in the unstable version of PAN-OS, as I see. We want to enable the unique ID signature because the affected versions are 9.1.4 and 10.0.0, so what should I do to enable this unique threat ID? What will be the impact to end users if we go ahead with the workaround CVE-20...

Is PAN AV and/or WildFire capable of analysing Docker images?

Hi, We have enabled SSL decryption for almost all the web access of our users. Our devs are asking us to whitelist hub.docker.com, because it's annoying to put our internal CA in Kubernetes. I get it, but there are multiple examples of Docker images that were malicious. I wonder if our firewall is able to detect that the currently docker image that an u...

case ID-01857601

Hi, After executing the below commands we are not able to access SSH:
> configure
# delete deviceconfig system ssh
# set deviceconfig system ssh ciphers mgmt aes256-ctr
# set deviceconfig system ssh ciphers mgmt aes256-gcm
# set deviceconfig system ssh default-hostkey mgmt key-type ECDSA 256
# set deviceconfig system ssh regenerate-hostkeys mgmt key-type ECDS...

Resolved! Colours WhatsApp Spyware

Hi, I am seeing these alerts GENERIC:COLORS.WHATSAP.TOP(345898629) on a regular basis recently; they start at random times and persist for around an hour, then drop. Has anybody else seen this? We have checked the host that is generating the alerts and there is no indication that it has been compromised by the above virus, although the user d...

DNS Security and Untrust to Untrust Alerts

We are currently doing a trial of the DNS Security license on our firewalls. After enabling it, I am seeing a decent amount of alerts coming into XDR for DNS Tunneling. However, when looking at the alerts, they are all coming in from the intrazone Untrust rule. Can we put an exclusion on these alerts, or do we have a potential issue that we need to ...

Wininfo.exe alerts - Received alert from Traps regarding malware detection of maximum system

Received alert from Traps regarding malware detection of the maximum system due to file "Wininfo.exe". Please find a snapshot of one system and suggest how to fix this. Is there any impact?
CORTEX XDR WildFire Malware High
Source: XDR Agent
Category: Malware
Action: Detected (Post Detected)
Host: SS-akhil
Username: N/A
Starred: No
Excluded: No
Alert: 1240
Incident...

File wininfo.exe classified as malicious (verdict changed today), yet appears to be a legitimate Lenovo service

We had a ton of alerts in XDR generated on this file hash 3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c, which is related to the above file, but everywhere we look it looks like an authentic Lenovo service related to BIOS updates. Does anyone know why the file determination was changed to malicious today?
