Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4173 Views
  • 0 replies
  • 0 Likes

Mitigation recommendation for certain vulnerability assessment done by VAPT team

Hi Team, Current PAN-OS 8.1.10. Customer had run a VAPT assessment where they came up with certain vulnerabilities such as
90317 - SSH Weak Algorithms Supported
70658 - SSH Server CBC Mode Ciphers Enabled
71049 - SSH Weak MAC Algorithms Enabled
While checking, certain things are not there from the firewall end, but while checking using their Vulnerabil...
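
The three findings above are all derived from the algorithm name-lists the SSH server offers in its SSH_MSG_KEXINIT, which is sent in cleartext before any key exchange. The following is an added example (not from the post or from any vendor) that parses such a payload and maps the offered ciphers and MACs onto the three finding classes; the weak-algorithm sets are this example's own approximation of what the scanner checks, not the plugins' exact logic, and both proposals are constructed test vectors.

```python
import struct

SSH_MSG_KEXINIT = 20

# Order of the name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
NAME_LISTS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

# Assumed approximations of what the three scanner findings look for; these
# are this example's lists, not the scanner plugins' exact logic.
WEAK_CIPHERS = {"arcfour", "arcfour128", "arcfour256", "blowfish-cbc",
                "cast128-cbc", "3des-cbc", "des-cbc"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96",
             "hmac-md5-etm@openssh.com", "hmac-md5-96-etm@openssh.com",
             "hmac-sha1-96-etm@openssh.com"}


def _read_name_list(buf, off):
    """Decode one SSH name-list: uint32 length followed by comma-separated names."""
    if off + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + n]
    if len(raw) != n:
        raise ValueError("truncated name-list body")
    names = [s for s in raw.decode("ascii").split(",") if s]
    return names, off + n


def parse_kexinit(payload):
    """Parse the payload of an SSH_MSG_KEXINIT (framing already stripped) into its name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 17  # message type byte + 16-byte cookie
    lists = {}
    for key in NAME_LISTS:
        lists[key], off = _read_name_list(payload, off)
    return lists


def audit(lists):
    """Map the offered algorithms onto the three finding classes from the post."""
    enc = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    mac = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    findings = {
        "weak_ciphers": sorted(enc & WEAK_CIPHERS),                  # weak algorithms
        "cbc_ciphers": sorted(a for a in enc if a.endswith("-cbc")),  # CBC mode ciphers
        "weak_macs": sorted(mac & WEAK_MACS),                        # weak MACs
    }
    return {k: v for k, v in findings.items() if v}


def build_kexinit(lists):
    """Encode name-lists as a KEXINIT payload; used here only to build constructed vectors."""
    out = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # cookie zeroed for the example
    for key in NAME_LISTS:
        s = ",".join(lists.get(key, [])).encode("ascii")
        out += struct.pack(">I", len(s)) + s
    return out + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows, reserved


# Constructed proposal resembling an older default; not captured from any real device.
LEGACY_PROPOSAL = build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha1"],
    "host_key": ["ssh-rsa", "ssh-ed25519"],
    "enc_c2s": ["aes128-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc"],
    "enc_s2c": ["aes128-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc"],
    "mac_c2s": ["hmac-sha2-256", "hmac-sha1", "hmac-md5", "hmac-sha1-96"],
    "mac_s2c": ["hmac-sha2-256", "hmac-sha1", "hmac-md5", "hmac-sha1-96"],
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})

# Constructed proposal with the flagged algorithms removed.
HARDENED_PROPOSAL = build_kexinit({
    "kex": ["curve25519-sha256"],
    "host_key": ["ssh-ed25519", "rsa-sha2-256"],
    "enc_c2s": ["aes128-ctr", "aes256-ctr", "aes256-gcm@openssh.com"],
    "enc_s2c": ["aes128-ctr", "aes256-ctr", "aes256-gcm@openssh.com"],
    "mac_c2s": ["hmac-sha2-256", "hmac-sha2-512"],
    "mac_s2c": ["hmac-sha2-256", "hmac-sha2-512"],
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})

if __name__ == "__main__":
    for name, proposal in (("legacy", LEGACY_PROPOSAL), ("hardened", HARDENED_PROPOSAL)):
        print(name, audit(parse_kexinit(proposal)) or "no findings")
```

To run this against a real management interface, take the server's first KEXINIT from a packet capture and strip the binary-packet framing (uint32 packet length, one byte of padding length) before handing the payload to `parse_kexinit`; alternatively `ssh -vv <host>` prints the same lists under "peer server KEXINIT proposal". Checking the offered lists this way settles whether the scanner's finding reflects what the device actually advertises, independent of what the firewall's own configuration screens show.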

CVE-2021-31166 vulnerability - any possible solutions from Palo to block this?

CVE-2021-31166 vulnerability - any possible solutions from Palo to block this? Or create a custom signature. Info I came across, but not sure if this is something Palo is planning on adding to their threat vuln protection signatures. See Microsoft has a patch, KB5003173, but what about until machines can be patched? https://www.tenable.com/blog/mi...

tshooter by L2 Linker
  • 5940 Views
  • 5 replies
  • 0 Likes

TCP timestamp response on MGMNT IP

In my case, the team is performing a vulnerability assessment on PA-820. Vulnerability Title: TCP timestamp response. Description: The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerpri...
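
The "approximate uptime" claim in that finding rests on a simple calculation: the TSval field in the TCP timestamp option is a counter that ticks at a fixed rate, so two observations give the rate and the counter's absolute value gives time since the counter started. The following is an added example (not from the post or from any scanner) of that estimate, including the checks a practitioner would want; the set of candidate clock rates and all observation data are constructed assumptions.

```python
# Candidate TCP timestamp clock rates (Hz) used by common stacks; an assumed set.
COMMON_RATES_HZ = (1, 10, 100, 250, 1000)


def tsval_delta(earlier, later):
    """Difference between two 32-bit TSval counters, correct across a wrap."""
    return (later - earlier) & 0xFFFFFFFF


def estimate_tick_rate(observations, tolerance=0.2):
    """observations: [(wallclock_seconds, tsval), ...] from one host, in capture order.

    Returns the clock rate in Hz snapped to a conventional value. Raises when the
    counter does not advance like a monotonic clock, which is what a randomised
    or frozen TSval looks like to the observer."""
    if len(observations) < 2:
        raise ValueError("need at least two observations")
    (t0, ts0), (t1, ts1) = observations[0], observations[-1]
    elapsed = t1 - t0
    if elapsed <= 0:
        raise ValueError("observations must be in increasing wallclock order")
    raw = tsval_delta(ts0, ts1) / elapsed
    rate = min(COMMON_RATES_HZ, key=lambda r: abs(r - raw))
    if abs(rate - raw) / rate > tolerance:
        raise ValueError(f"{raw:.1f} Hz is not near a conventional clock rate")
    return float(rate)


def estimate_uptime_seconds(observations):
    """Uptime guess under the assumption that TSval was 0 at boot.

    The rate itself is a fingerprint because stacks differ in it; the absolute
    uptime is only meaningful if the stack does not randomise its initial TSval."""
    rate = estimate_tick_rate(observations)
    _, ts_last = observations[-1]
    return ts_last / rate


# Constructed observations (wallclock seconds, TSval); not from a real capture.
OBS_1KHZ = [(1_700_000_000.0, 1_500_000), (1_700_000_010.0, 1_510_000),
            (1_700_000_020.0, 1_520_000)]
OBS_250HZ = [(100.0, 2_000_000), (140.0, 2_010_000)]
OBS_RANDOMISED = [(100.0, 123_456_789), (110.0, 987_654_321)]  # no usable clock

if __name__ == "__main__":
    for name, obs in (("1kHz", OBS_1KHZ), ("250Hz", OBS_250HZ), ("random", OBS_RANDOMISED)):
        try:
            print(name, estimate_tick_rate(obs), "Hz, uptime", estimate_uptime_seconds(obs), "s")
        except ValueError as e:
            print(name, "no estimate:", e)
```

The `tsval_delta` wrap handling matters because the counter is 32 bits and rolls over; the tolerance check is what keeps a host with a randomised timestamp offset from producing a confident but meaningless uptime. Whether the management interface of a given appliance exposes a usable counter is exactly what this finding reports, and whether the vendor offers a knob to change that is the question the post leaves open.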

Codecov Breach

A conversation I have been hearing crop up is whether or not customers should be worried about Palo Alto being a Codecov customer and if that means that they are affected as well? Are only direct clients of Codecov affected?

PMcelroy by L0 Member
  • 2115 Views
  • 0 replies
  • 0 Likes

Resolved! Base url category is different from sub url category the traffic was under allow need to know why it was not blocked

Hi Team, the below screenshot states that the base URL firebasestorage.googleapis.com comes under content delivery network and the sub URL comes under phishing; the customer wants to know why they were not blocked by the firewall. Also, while I'm checking with VirusTotal, the below URLs have been mentioned as phishing. I just wanted to know how to...

Host sweep alert from an iPad

We have an iPad that is triggering our scan block policy as a host sweep. The iPad is attempting to connect to one external (Internet) IP over port 443. It's happened for the past few days to a different external IP each time. Threat vault info. Name: SCAN: Host Sweep. Unique Threat ID: 8002. Has anyone else seen this behavior? What are the threshold...
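
A host sweep detector counts distinct destination hosts reached by one source inside a time window, which is why a single client talking to one host per day should not match. The following is an added example of that logic (not the firewall's implementation and not from the post) run over constructed log lines; the interval and threshold are assumed values chosen for the example, since the real ones are what the post is asking about.

```python
import re
from collections import defaultdict, deque

# Assumed detection parameters for this example; the firewall's real interval and
# threshold are not stated in the post.
INTERVAL_SECONDS = 10
HOST_THRESHOLD = 10

# Minimal constructed log format: "<unix_ts> src=<ip> dst=<ip> dport=<port>".
LOG_RE = re.compile(r"^(?P<ts>\d+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$")


def parse_line(line):
    m = LOG_RE.match(line.strip())
    return (int(m["ts"]), m["src"], m["dst"]) if m else None


def detect_host_sweeps(lines, interval=INTERVAL_SECONDS, threshold=HOST_THRESHOLD):
    """Return one alert per source that reaches `threshold` distinct destination
    hosts within any `interval`-second window. Repeated connections to the same
    host do not count, which is what separates a sweep from a busy client.
    Lines only need to be in time order per source."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    suppressed_until = {}         # src -> ts before which it will not alert again
    alerts = []
    for rec in map(parse_line, lines):
        if rec is None:
            continue
        ts, src, dst = rec
        window = recent[src]
        window.append((ts, dst))
        while window and window[0][0] < ts - interval:
            window.popleft()
        hosts = {d for _, d in window}
        if len(hosts) >= threshold and ts >= suppressed_until.get(src, 0):
            alerts.append({"src": src, "ts": ts, "hosts": len(hosts)})
            suppressed_until[src] = ts + interval
    return alerts


# Constructed log lines; not real firewall logs.
SAMPLE_LOG = (
    # a scanner touching 12 hosts, one per second
    [f"{100 + i} src=10.0.0.5 dst=10.1.1.{i + 1} dport=443" for i in range(12)]
    # a client hitting one host 20 times in 10 s: many connections, one host
    + [f"{200 + i // 2} src=10.0.0.9 dst=203.0.113.50 dport=443" for i in range(20)]
    # the pattern described in the post: one external host per day
    + [f"{86400 * d} src=10.0.0.7 dst=203.0.113.{10 + d} dport=443" for d in range(4)]
)

if __name__ == "__main__":
    for alert in detect_host_sweeps(SAMPLE_LOG):
        print(alert)
```

With these parameters only the scanner source alerts, at the second in which its tenth distinct host appears, and the per-source suppression keeps the next two seconds from producing duplicate alerts. The one-host-per-day client never accumulates more than one destination in a window, so if a real signature fires on such a device, the first thing to confirm is what the signature counts and over what window.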

Virus/Win32.WGeneric.ajtozf / ms-ds-smbv3

We have been seeing a lot of detections for smbv3 for file detections varying from pdf to any office document. WildFire has been picking up the traffic, marking it as Threat and either resetting it or alerting on it. This month only we have had about 300+ of the same signature detections. Anyone else seeing it in their environment as well? What...

Syslog to exclude BYOD subnets from logging

Hi all, we do have a few questions on logging. 1. Can we exclude the BYOD subnet from alerting, as they are flooding us with irrelevant logs (both URL and Threat monitoring)? 2. Can we exclude some categories in URL from sending syslog messages? For example, we don't want to send URL logs in the category private-ip-addresses to the syslog destination. Ov...

Resolved! Microsoft.csharp.dll Virus/Win32.WGeneric.bcycrm - False positive - runtime silverlight Signed by Microsoft

Hi, it seems that this file signature should be disabled as it is an official and signed binary from Microsoft of the Silverlight Runtime. File Hash: fe1f3cde0bacb77a297360b5e022087456b8bf5b. Link to VirusTotal report for the file: https://www.virustotal.com/gui/file/65064f54e1da6200ff74d32da0f7693f07b6b44f7170b5e1bd35034ec4f1c140/detection Curren...
rlesavre by L1 Bithead
  • 4242 Views
  • 1 replies
  • 0 Likes

SSL forward decryption does not work with URL category (proxy-avoidance-and-anonymizers) PAN-OS 10.0.5

I upgraded from PAN-OS 9.1 to 10.0.5 and I found an issue in any proxy website with URL category (proxy-avoidance-and-anonymizers), like https://www.proxysite.com/: it bypasses any blocked traffic even with an SSL decryption policy. However, other categories like URL category (translate), like Google Translate, can see blocked traffic and stop it!
