Advanced Threat Prevention Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! DNS Security

Hello,

Is there any way to turn off the following information after commit on 9.0.1 with Anti-Spyware Profile attached to Security Policy?

I can't delete Palo Alto Networks DNS Security option from Anti-Spyware Profile.

Warnings

Warning: No Valid DNS Se

...

Hey, guys, one of my clients want the POA (Plan of Action) for this vulnerability what should I check in the firewall. I checked the Traffic WAN TO WAN the security Profiles are attached properly but the management IP is pvt i access the firewall by

...

Latest DDOS attack related issue on Palo alto

Hey guys one of my client having a concern about the security patch. he has PA-820 PA and PA-220. The New DDOS attack is there ID is CIAD-2021-0030

https://clicktime.symantec.com/3QdtY9QLh9kb4B5ny33Z2KD7Vc?u=https%3A%2F%2Fwww.cert-in.org.in%2F

Please

...

Resolved! threat generic:5llion.com generic:conti.news

How to block this “unknown“ event to the customer that contains the threat generic:5llion.com (408607164). Because this threat is categorized as DNS Signature, the event had the destination port 53

How to enable signature of Unique threat id

Hello guys hope you doing well I had one question this vulnerability is resolved in the unstable version of PANOS as I see we want to enable the Unique id signature because the affected version is 9.1.4 and 10.0.0 so what should I do to enable this u

...

Is PAN AV and/or Wildfire capable of analysing docker image

Hi,

We have enabled SSL Decryption for almost all the web access of our users.

Our devs are asking us to whitelist hub.docker.com, because it's anoying to put our internal CA in kubernetes.

I get it, but there's multiple example of docker image who wa

...

Enabling signatures in content update version 8317

Checking CVE-2020-2040 it says "Until PAN-OS software is upgraded to a fixed version, enabling signatures in content update version 8317 will block attacks against CVE-2020-2040.", and I'm not sure what does "enabling signatures in content update ver

...

case ID-01857601

Hi,

After executing below cmd we are not able access SSH

> configure
# delete deviceconfig system ssh
# set deviceconfig system ssh ciphers mgmt aes256-ctr
# set deviceconfig system ssh ciphers mgmt aes256-gcm
# set deviceconfig system ssh default-hostk

...

Resolved! Colours Whatsapp Spyware

Hi

I am seeing these alerts GENERIC:COLORS.WHATSAP.TOP(345898629) on a regular basis recently, they start at random times and they persist for around an hour then drop.

Has anybody else seen this ? we have checked the host that is generating the aler

...

Resolved! I want to know where to find the allowed traffic drop and to correct it

Hi friend,

I already done the security policy, but it seem there are some traffic drop. Where can i find it out for the traffic drop?

Thank you.

DNS Security and Untrust to Untrust Alerts

We are currently doing a trial of the DNS Security license on our firewalls. After enabling I am seeing a decent amount of alerts coming into XDR for DNS Tunneling. However when looking at the alerts they are all coming in from the Intrazone Untrust

...

Wininfo.exe alerts - Received alert from Traps regarding malware detection of maximum system

received alert from Traps regarding malware detection of the maximum system due to file “Wininfo.exe”.

Please find a snapshot of one system and suggest how to fix this. Is there any impact?

CORTEXXDR

WildFire Malware

High

Source:XDR Agent

Category:Malwa

...

vulnerability and spyware showing in monitor need to check its blocked from PA or not and need more clarity on same

File wininfo.exe cassified as malicious(verdict changed today), yet appears to be a legitimate Lenovo service

We had a ton of alerts in XDR generate on this file hash
3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c

Which is related to the above fie but everywhere we look it looks like an authentic Lenovo service related to BIOS updates.

Does an

...

virus/Win32.WGeneric.atarqw

I've had a computer recently that got flagged in the firewall with this virus. The virus name is :Win32.WGeneric.atarqw。
,however when scanning the computer
I can't find the virus. Virustotal also doesn't have anything on this virus when I search.
Is th

...

Discussions

Welcome to the Threat & Vulnerability Discussions!

Rules and Best Practices

Resolved! DNS Security

Vulnerability CVE 2021-3050

Latest DDOS attack related issue on Palo alto

Resolved! threat generic:5llion.com generic:conti.news

How to enable signature of Unique threat id

Is PAN AV and/or Wildfire capable of analysing docker image

Enabling signatures in content update version 8317

case ID-01857601

Resolved! Colours Whatsapp Spyware

Resolved! I want to know where to find the allowed traffic drop and to correct it

DNS Security and Untrust to Untrust Alerts

Wininfo.exe alerts - Received alert from Traps regarding malware detection of maximum system

vulnerability and spyware showing in monitor need to check its blocked from PA or not and need more clarity on same

File wininfo.exe cassified as malicious(verdict changed today), yet appears to be a legitimate Lenovo service

virus/Win32.WGeneric.atarqw

Upgrade from Basic Threat Prevention to Advanced Threat Prevention

PAN-OS logs

Are there signature release for following vulnerabilities?

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Unlock your full community experience!

Rules and Best Practices

Resolved! DNS Security

Resolved! threat generic:5llion.com generic:conti.news

Resolved! Colours Whatsapp Spyware

Resolved! I want to know where to find the allowed traffic drop and to correct it