Advanced Threat Prevention Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Codecov Breach

A conversation I have been hearing crop up is whether or not customers should be worried about Palo Alto being a Codecov customer and if that means that they are affected as well? Are only direct clients of Codecov affected?

Resolved! Base url category is different from sub url category the traffic was under allow need to know why it was not blocked

Hi Team,

Below screenshot states that the base url firebasestorage.googleapis.com comes under content delivery network and the sub Url comes under phishing where customer wants to know why they were not blocking by the firewall.

Also while im checking

...

malware

Hola, detectamos esta URL que es un malware indevafd.com

Resolved! Need to disable SNMP setting from WF-500 private cloud

For vulnerability

1) SNMP Agent Default Community Name (public) port - UDP 161

2) SNMP 'GETBULK' Reflection DDoS

Port - UDP 161

We have to disable SNMP on WF-500, which have been detected by VAPT.

Please, share the article or steps how to disable SNMP

...

False Positive? PDQ and virus win32.wgeneric.bdakpv

After installing a fresh version of PDQ Deploy and/or PDQ Inventory, got two threat notices of this, from our PDQ server to one of our servers it is supposed to scan.Thinking it is a false positive.

Virus/Win32.WGeneric

win32.wgeneric.bdakpv

Th

...

Host sweep alert from an iPad

We have an iPad that is triggering our scan block policy as a host sweep. The iPad is attempting to connect to one external (Internet) IP over port 443. It's happened for the past few days to a different external IP each time.

Threat vault info.

Name:

...

Virus/Win32.WGeneric.ajtozf / ms-ds-smbv3

We have been seeing alot of detections for smbv3 for file detections varying from pdf to any office document. Wildfire has been picking up the traffic, marking it as Threat and either resetting it or alerting on in. This monthly only we have had abou

...

Syslog to exclude BYOD subnets from logging

Hi all , We do have a few questions on Logging.

1. Can we exclude the BYOD subnet from alerting as they flooding us with irrelevant logs. (both URL and Threat monitoring)

2. Can we exclude some category in URL from sending syslog messages. Example he

...

Resolved! Microsoft.csharp.dll Virus/Win32.WGeneric.bcycrm - False positive - runtime silverlight Signed by Microsoft

Hi,

It's seems that this file signature should be disabled as it is an official and signed binary from Microsoft of the Silverlight Runtime

File Hash: fe1f3cde0bacb77a297360b5e022087456b8bf5b

Link to Virustotal report for the file: https://www.virusto

...

ssl forward decryption not work with URL category (proxy-avoidance-and-anonymizers )PAN 10.0.5

I upgrade from Pan os 9.1 to 10.0.5 and i foud some issue in any proxy website with URL category (proxy-avoidance-and-anonymizers ) like https://www.proxysite.com/ it bypass any blocked traffic even with ssl decryption policy ,however other catego

...

Resolved! Non-RFC Compliant Telnet Traffic on Port 23

Can someone explain about the threat name/vulnerability Non-RFC compliant Telnet traffic on Port 23?

pa3220 POS 9.1.5

howdy,

The short question is a block country rule on 1/8 the thing to do?

or a white list of ip? and apps?

Thank you

Mike

Resolved! block adult content in twitter or through google translator ?

hi all ,

can i block adult content in twitter and google translator without closing the sites ?

Resolved! Protections against CVE 2020-15999?

Does anyone know how/if there are protections out there to mitigate the latest 0 day threat for Chrome? CVE 2020-15999? Thanks in advance.

2960X - WAN and DMZ on same switch separated by vlans?

the title says it pretty much. Trying to consolidate a 24 port switch that only uses 3 ports with another 24 port that is only using 2 ports.

How safe/comfortable would you be if you used the same switch for DMZ and WAN traffic, but separate them b

...

Discussions

Welcome to the Threat & Vulnerability Discussions!

Rules and Best Practices

Codecov Breach

Resolved! Base url category is different from sub url category the traffic was under allow need to know why it was not blocked

malware

Resolved! Need to disable SNMP setting from WF-500 private cloud

False Positive? PDQ and virus win32.wgeneric.bdakpv

Host sweep alert from an iPad

Virus/Win32.WGeneric.ajtozf / ms-ds-smbv3

Syslog to exclude BYOD subnets from logging

Resolved! Microsoft.csharp.dll Virus/Win32.WGeneric.bcycrm - False positive - runtime silverlight Signed by Microsoft

ssl forward decryption not work with URL category (proxy-avoidance-and-anonymizers )PAN 10.0.5

Resolved! Non-RFC Compliant Telnet Traffic on Port 23

pa3220 POS 9.1.5

Resolved! block adult content in twitter or through google translator ?

Resolved! Protections against CVE 2020-15999?

2960X - WAN and DMZ on same switch separated by vlans?

PAN-OS logs

Are there signature release for following vulnerabilities?

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Wildfire False Positive for THREAT-ID 614284446

Unlock your full community experience!

Rules and Best Practices

Resolved! Base url category is different from sub url category the traffic was under allow need to know why it was not blocked

Resolved! Need to disable SNMP setting from WF-500 private cloud

Resolved! Microsoft.csharp.dll Virus/Win32.WGeneric.bcycrm - False positive - runtime silverlight Signed by Microsoft

Resolved! Non-RFC Compliant Telnet Traffic on Port 23

Resolved! block adult content in twitter or through google translator ?

Resolved! Protections against CVE 2020-15999?