Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4172 Views
  • 0 replies
  • 0 Likes

Understanding Security Profiles

PA newbie here! I am digging into the PA traffic processing algorithm, and on the 4th leg of the process I see that the traffic is allowed at this point but gets scanned against the configured security profile. This sounds like where IPS comes into the picture, am I correct? I read the PAN-OS 8.0 Admin Guide and I don't see anything that men...


How to generate a dynamic report with the XML API?

Hello everyone, I want to create a dynamic report using the API of PaloAlto. I am currently struggling with that a bit. So here is a list of questions and I hope you can help me with that. How do I execute a dynamic report with specific timeframes including the query and report columns I need? Is there an XSD file available that describes how the response may l...

DominikP by L0 Member
  • 3233 Views
  • 0 replies
  • 0 Likes

add new Certificate for web APP

Good day! I tried to follow the steps to create SSL Inbound Inspection, but after I added the certificate for the first application (EPOS is its name), it's not showing inside the decryption policy rule. Please check the pictures below to make the issue clearer: EPOS.CRT not found. Do I need to do more steps to activate the CER?

o.othman by L0 Member
  • 3023 Views
  • 0 replies
  • 0 Likes

How to verify that threat profiles are actually performing

Hello, I currently have one rule that pertains to one inside and one outside host. I have a few profiles added to the rule such as a/v, spyware, vulnerability and file blocking. I don't see any events in the Threat monitor nor on my Syslog server, so my assumption is all is well, no threats detected? Is there any other way to confirm the firewall...

Blocking SMB Traffic

I was doing a review of some firewall policies and noticed the company I am consulting for is allowing all applications of risk 1 through 3 from their trust to untrust zones. Not sure why it's set up that way yet, but in doing so, SMB traffic is allowed out. I want to immediately put a control in that blocks SMB traffic outbound. Is it recommende...

ce1028 by L4 Transporter
  • 19995 Views
  • 8 replies
  • 0 Likes

False Positive Submission Virus/Win32.WGeneric.rixgu(2341248)

Hello, I tried to download the latest Adobe Reader DC package directly from the Adobe repository and Palo Alto blocked my download with the threat detection Virus/Win32.WGeneric.rixgu(2341248)... The URL is ftp://ftp.adobe.com/pub/adobe/reader/win/AcrobatDC/1801120040/AcroRdrDC1801120040_fr_FR.exe So for example, I can download the package for e...

jflescat by L0 Member
  • 13455 Views
  • 1 replies
  • 2 Likes

Resolved! False Positive AV block

Hi, not sure if this is under the correct category but here we go. I have a false positive in my FWs: I have a file called Pv7_00_169SetupFull.exe which the FWs are detecting as Virus/Win32.WGeneric.qxdip. If I upload and scan the file with VirusTotal it gives all green lights: https://www.virustotal.com/#/file/e36d3bb4f9eaff256ecd50f4a6875e41d65d12...

GOTRIDA by L0 Member
  • 5255 Views
  • 1 replies
  • 0 Likes

Resolved! Thread-Log: Virus found

Hello, under our Threat Log I found some virus entries. The attacker is one of our own PCs from another VLAN. We want to install Windows updates over Ivanti Patch Management with the original Windows Update service. And now the machine, which we will patch, will do a virus attack - msiexec.exe and wscript.exe. Palo ID 194147259, Application ms-ds-smbv2......

Resolved! Palo Alto Negate Object Meaning

Hi, I have a question on the Palo Alto negate object. If I have an allow rule that allows src zone A, src IP of 10.10.10.0/24 (Negate) to dst zone B, dest IP of ANY, does it mean that the rule is allowing other src IPs (not including 10.10.10.0/24) from src zone A to dst zone B, dest IP of ANY? Please advise. Thks and Rgds

TCP SYN with data Threat logs

Hi Guys, I receive hundreds of TCP SYN with data Threat Alerts from my BYOD zone every day. I was learning more about it and I understood that it is a TCP SYN packet with data in its payload. However, as almost all of them seem to come from non-malicious sources, I am not sure if I should worry about it or just consider it as a false positive a...

Resolved! Dynamic IP List import now failed

I just have the two default PA dynamic IP lists, but they each only have roughly 100 IPs. I would think there would be more than that, but when I try to hit 'import now' it just fails. Can anyone shed some light on how these two lists work and how often they are updated? And where can I verify that they have been updated? I have active threa...

drewdown by L4 Transporter
  • 27196 Views
  • 15 replies
  • 0 Likes