Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4170 Views
  • 0 replies
  • 0 Likes

DNS logs

Is there a way to view and/or log DNS queries and responses (outside of anti-spyware rules)? The passive DNS telemetry configuration seems to do what we want but those FQDN-to-IP mappings are sent to Palo and it doesn't appear that we can view what FQDNs resolve to what IPs in the logs. This doesn't appear to be a feature in the DNS proxy object...

mpochan by L0 Member
  • 12999 Views
  • 2 replies
  • 1 Likes

Credential Phishing Protection troubleshooting

Hey community - tearing my hair out here... I've set up a RoDC in my environment and added a test group to the allowed password replication group. I've configured the user and credential agents on the RoDC and they say connected to my firewall, and also successfully connect to the other DCs. I can see my user-to-IP mapping for my test account....

Community or News Group that has taken Snort signatures and converted them to Palo Alto

This is a very easy question for everybody. A lot of people have most likely created custom signatures from Snort or otherwise to apply to a Palo Alto firewall. Does anyone know of a news group or community in which those signatures have been converted and that you can download free of charge? Also, does anyone know of a list that (to the best...

ScottF by L1 Bithead
  • 4716 Views
  • 1 replies
  • 0 Likes

Case #01083646: Unexpected behavior: WF-500 Failed to update content

Disk space on the WF-500 was full and content updates have been failing. The commands below were used to resolve the issue:
  delete wildfire-metadata update panup-all-wfmeta-<release>
  request wf-content upgrade check
  request wf-content upgrade download latest
After doing so when running the command: request wf-content upgrade install versi...

jdearman by L2 Linker
  • 5023 Views
  • 1 replies
  • 0 Likes

Vulnerability alerts

There is a web site www.vpnranks.com (35.170.95.4) that is identified as type=THREAT and App=HAS KNOWN VULNERABILITY. As a result, it is blocked by our PAN firewalls (i.e. this is the info in the logs when I ping 35.175.95.4). According to the PAN web site, I see this may indicate 35.170.95.4 has a publicly reported vulnerability. The owner of ...

cottrell by L0 Member
  • 3484 Views
  • 1 replies
  • 0 Likes

Sw.js, Hipobject.js, rapidworker.js logs generating in Palo Alto firewall

Hi Everyone, Good day, We have enabled VA profile in our security policies, we find that "Javascript WSF HTA JSE or VBS File Sent in Email(39002)" has been triggered continuously in the threat tab of the firewall. We find file names such as sw.js, hipobject.js, rapidworker.js. We found that when we access Gmail, Hotmail, Yahoo these files and thr...

BharathV by L0 Member
  • 5683 Views
  • 3 replies
  • 0 Likes

Resolved! Default behavior on Dynamic Updates

Hello friends, I'm planning to implement Dynamic Updates schedules for my Antivirus, Applications and Threats, and WildFire features. I know I can do it daily, hourly, etc. and define threshold. But first I would like to understand the default behavior of these updates, as currently I see that my Antivirus database already has the installed versio...

  • 545 Posts
  • 78 Subscriptions