port scan and flood traffic

We are currently using the default "allow" on port scan (including openvas) and udp flood, since that is the default. Is there any reason not to block those threats?

Block OLE embedded document

Can PA file blocking profile be used to block OLE embedded documents

Thanks

Community or News Group that has taken Snort signatures and converted them to PaloAlto

This is a very easy question for everybody.  A lot of people have most likely created custom signatures from Snort or otherwise to apply to a PaloAlto firewall.  Does anyone know of a news group or community in which those signatures have been conver

Case #01083646: Unexpected behavior: WF-500 Failed to update content

Disk-space on the WF-500 was full and conent updates have been failing.  The commands below were used to resolve the issue:

delete wildfire-metadata update panup-all-wfmeta-<release> 
request wf-content upgrade check 
request wf-content upgrade downloa

Vulnerability alerts

There is a web site www.vpnranks.com(35.170.95.4) that is identified as type=THREAT and App=HAS KNOWN VULNERABILITY.  As a result, it is blocked by our PAN firewalls (i.e. this is the info in the logs when I ping 35.175.95.4).  According to the PAN w

Sw.js, Hipobject.js,rapidworker.js logs generating in Palo alto firewall

Hi Everyone,

Good day,

We have enabled VA profile in our security policies, we find that "Javascript WSF HTA JSE or VBS File Sent in Email(39002)" has been triggered continously in the threat tab of the firewall. We find file names such as sw.js, hip

When can we expect PAN signatures for CVE-2019-6340

https://www.drupal.org/sa-core-2019-003

How to allow a specific Youtube video while all the rest of Video-Streaming websites are blocked

Hi Everyone, I followed this thread posted a number of years back and my issue is not yet solved:

https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Allow-a-Single-Facebook-YouTube-or-Twitter-Page/ta-p/57542

Basically, Video-Streaming in ge

unknown threat name

Our firewall detected a spyware "C2-Bitsight-Prirrit" with threat id 15006. But I can't find any information about this spyware on Palo Alto's support site. The id seems non-exist. Could it be a mistake? 

How will threat functionality work with asymmetric routing

I would like to understand what will happen to Threat Protection and AntiVirus(TPAV) in the following case.  Both firewalls have "allow" non-syn-tcp turned on. Each firewall is only seeing half of the session and has no idea about the other half. 

My

Exempt domain name instead of exempt ip address for vulnerability

Hello,

We get large amount of high severity threat alarm when users visit Yahoo, they were triggered by this url s.yimg.com/aaq/yc/js/tdv2-applet-canvass.8739955d2bd825cb0aa2.min.js ( 8739955d2bd825cb0aa2 is a random string that changes everytime ).

Test that a Threat Signature is Enabled?

Hello,

Is there a way of testing if a specific Threat Signature is enabled? I recently automated critical threat signatures. both vulnerabilities and anti-spyware, to be set to reset-both, but I want to make sure it is working and the new critical si

Finding the offending file associated with threat event

I’m having an issue identifying the offending file that triggered a vulnerability detection. We had an IT admin transfer a large batch of files across a network segment that traveled on of or PA firewllls. One of the transfers triggered an alert for ...