Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4172 Views
  • 0 replies
  • 0 Likes

virus/Win32.WGeneric.atarqw

I've had a computer recently that got flagged in the firewall with this virus. The virus name is Win32.WGeneric.atarqw, however when scanning the computer I can't find the virus. Virustotal also doesn't have anything on this virus when I search. Is this a false positive? Anyone else experience this in the firewall? I check it on threat vault on p...

Felixcao by L3 Networker
  • 2396 Views
  • 0 replies
  • 0 Likes

Threat ID 58644 false positives

For the past couple weeks we have seen apparent false alerts for Threat ID 58644. The Threat Vault references that this ID is for detection of a PHP shell injection vulnerability in RiteCMS, CVE-202-23934, which was first released 7/28/2020 and last updated 7/20/2021. Since 7/21 we have had repeated alerts under this Threat ID for images and vid...

Container scanning(Basic question)

Hi, ours is a digital bank. We are in the process of picking a tool to scan the docker images in the AWS code pipeline. While we were scanning using the default ECR scan process we noticed CVE-2021-33574, CVE-2019-25013, CVE-2021-3520. These are related to C libraries which we have nothing to do with. So we need to pick tools like Twist...

spatial by L0 Member
  • 3733 Views
  • 1 replies
  • 0 Likes

Resolved! Virus/Win32.WGeneric.bhqpnl messages by Saas solution Basware ( approval bulk invoices )

Hello everyone, we had our Citrix environment recently get flagged in the firewall with this virus (after 14-07): Virus/Win32.WGeneric.bhqpnl. We have a SaaS solution of the product Basware (bulk approval invoices). We see on the Palo Alto that an Absent loader (Malware Dropper) is seen. The product is working with Silverlight. Also a me...

Resolved! How does a PA know which forward trust certificate to use for a given decryption profile/policy

Hello, I have a Palo Alto 8.1.18 firewall that is already configured with an SSL Forward Proxy setup for a current set of traffic. There is only one signed certificate that is configured as the Forwarding Trust and Forwarding Untrust certificate (odd, I know); let's call it cert X. I have a new set of traffic that requires SSL Forward Proxy tr...

Resolved! Blocking a user in trusted zone from downloading files on the internet with macros

Hey guys, so follow me on this scenario if you would: a user on their corp PC behind the trusted interface of the Palo goes to their personal web-based email, opens a bad email, and downloads a file with macros in it. How do I stop that, because the stateful function of the firewall will auto-permit the return traffic (in this case, the macro file)...

SharpCompress.dll \ Virus/Win32.WGeneric.bgvbho

Hello everyone, I've had a computer recently that got flagged in the firewall with this virus. The file name is SharpCompress.dll, however when scanning the computer I can't find the file. Virustotal also doesn't have anything on this virus or SharpCompress.dll when I search. Is this a false positive? Anyone else experience this in the firewall?

How to block .vbox files to protect against ransomware?

The ransomware has been updated again. It now includes a virus in a Windows 7 virtual machine and attacks the host via a shared folder. The Palo Alto NGFW does not have a .vbox file type (it has vmdk only). How can I block a custom .vbox file type, or please add the .vbox file type for blocking. Ref : https://www.bleepingcomputer.com/news/security/maze-ransomware-now-encrypts-v...

Threat ID 411977850 created 2021-06-11 13:58:04 (UTC)

We are investigating alerts of this DNS signature for x1.c.lencr.org. I'd expect that for a match on a clear text string in a DNS request it is very unlikely this is a false detection. However, getting alerts so quickly after this signature's creation suggests we are either very unlucky or a very common public internet resource is causing this fl...

Resolved! CVE-2004-0230—GUESSING TCP SEQUENCE NUMBERS AND INJECTING RST PACKETS not in threat DB

Hi All, CVE-2004-0230 does not seem to show up in the Palo Alto Networks threat database, but the below KB article seems to indicate that PAN have introduced threat mitigation for this CVE in PAN-OS 6.0. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CllyCAC I am wondering if this is an error in the PA threat database?...

Ben-Price by L4 Transporter
  • 5430 Views
  • 3 replies
  • 0 Likes

Cool PDF Reader PDF Stream Handling Buffer Overflow Vulnerability - CVE-2012-4914

Today we are getting bombarded with reports of email issues. Digging into the reports, we have a lot of users who aren't able to send PDFs, and the culprit is that the attachments are getting flagged by PAN. The related CVE shows it was updated yesterday. I'm struggling to find much information about the CVE. I feel like given the volume of repor...
