Resolved! Virus/Win32.WGeneric.ajdriy - OneDriveSetup.exe

Hi,

Since yesterday April 13/2020 I have been getting Virus alerts in the Threat log on my PAN 3020. It has pointed out that OneDriveSetup.exe is the culprit.

I went to a few machines and searched for OneDriveSetup.exe and uploaded it to VirusTotal.

Resolved! Virus/Win32.WGeneric.aktpum - OneDriveSetup.exe detected via an Antivirus

Hello, 
Are seeing the following in Cortex XDR 
'Threat ID #348815361' generated by PAN NGFW detected on host 10.x.x.x involving user ZZZZ\first.last

Threat ID: 2418537

Current Release: 3394 (2020-06-28 UTC)

First Release: 3394 (2020-06-28 UTC)

SHA256:  

Resolved! URL Filtering

http://shodan.io/ URL is categorized as hacking website.

Can someone advise as internal users want access to it?

Resolved! We have enabled ssl inbound decryption and able to exploit the vulnerabilty

We have ssl inbound  decryption configured  and from outside we are able to exploit the vulnerabilty.

Need to know why PA allows the connection for that signature.

Vul  threat id is 57230

Name Telerik Web UI

Resolved! Spyware with DNS Protection

Hi All,

Our Firewall drop DNS traffic of C&C ( us.jaxonsorensen.club, news.sqllitlerver.info & log.osloger.biz) with source IP Address of Firewall. This issue after update the Threat 28/05/2020. 

Will appreciate any help/suggestions.

Best regards,

Khai

Resolved! Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld

We are see numerous alarms from our SIEM from our Palo Alto firewall. Here is a copy of a scrubbed log message below. When asking the user about their activity, they only RDP'ed into various servers from their laptop via the Globalprotect VPN for rem

Resolved! Microsoft URL being DNS sinkholed suddenly?

Has anyone else started getting DNS sinkhole threat alerts for the below domain? About half a day ago I started getting a tonne of sinkhole alarms from our PA for this URL. It looks to be a legitimate Microsoft domain and IP. In the PA threat log it

Resolved! DNS issues after implementing GeoBlock policy.

Hey guys, wanted to see if I can can get any input on this here - had to Geoblock one of  the countries for inbound/outbound traffic completely. Everything was fine until I found out that one of the employees started having issues with email delivery

Resolved! Microsoft office/teams malicious traffic

We are seeing bunch of Microsoft office 365/teams related traffic categorized as vulnerable/virus. But we don't find anything malicious about it, although it is being dropped.

Resolved! Malicious traffic blocked by PAN : Virus/Win32.WGeneric.ajbecg(340897548)

Hi Team,

These are the below sign identified in our network and want to know the reason for this trigger.

Please provide the related application effected? Why are this signature identified and what the user is trying to access so that PAN blocked the t