Advanced Threat Prevention Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! False Positive AV block

Hi,
Not sure if this is under the correct category but here we go.
I have a false positive in my FWs, I have a file called Pv7_00_169SetupFull.exe which the FWs are detecting as Virus/Win32.WGeneric.qxdip

If I upload and scan the file with VirusTotal it

...

Credential phishing

Does the credential phishing policy require the URL filtering license?

Thank you.

Resolved! Thread-Log: Virus found

Hello,
under our Threat-Log I found some Virus entries. The Attacker is an own PC from another vlan. We want to install windows updates over Ivanti-Patchmanagement with the original windows update service. And now the maschine, which we will patch, wi

...

Resolved! Palo Alto Negate Object Meaning

Hi,

I have a question on Palo Alto negate object. If I have a allow rule that allow src zone A, src IP of 10.10.10.0/24 (Negate) to dst zone B, dest IP of ANY.

Does it mean that the rule is allowing other src IP (not including 10.10.10.0/24) from src

...

transparent mode

Hello

we are an ISP and we wish to deploy palo alto pa 500 firewall between our core router and switch. we just want pa 500 to scan the packets for viruses and threats and block urls. so how can we do this.

thank you

Vulnerability False positive: Trend Micro Installer

Hi, the file is the Antivirus (Trend Micro) Installer. They have reviewed the file and indicate that they do not detect problems.

Filename: OSCEXG_LP.msi

CVE: CVE-2015-1642

Threat-ID: 37604

Vendor ID: MS15-022

Risk 0 for workday and service now.

Hi,

I noticed in our ACC dashborad that the applicaitons in use such as workday and servicenow were assigned a risk of 0. Is that becuase they have not been identified as risky apps or thats the lowest risk level which means no threat app.

Thank y

...

TCP SYN with data Threat logs

Hi Guys,

I receive hundreds of TCP SYN with data Threat Alerts from my BYOD zone every day. I was learning more about it and I understood that it is a TCP syn packet with data in its payload. However, as almost all of them seems to come from non-mali

...

Resolved! Dynamic IP List import now failed

I just have the two default PA dynamic IP lists, but they each only have roughly 100 IPs. I would think there would be more than that but when I try to hit 'import now' it just fails. Anyone shed some light on how these two lists work and how often

...

Completely puzzled - Unique Threat ID: 193986039

hi,

Did anyone had WildFire Threat events with the following Unique Threat ID: 193986039?

Threat Vault provided me the following information:

Signature Release Domain Name Type

Name: generic:ecompassesfarringdon.com

Unique Threat ID: 193986039

Create Ti

...

Threat & Vulnerability PA Vs FTD & Fortinet

Dear Team,

i want to need the difference between the Threat and Vulnerability detail as we have the PA 5000 Series box please share the solution difference which vendor have the most power full Threat and vulnerability solutions ?

Resolved! How does PA identity an application as "Threat"

Hello guys,

We have an application - "sina-weibo-base" is allowed to be accessed for internet access policy, but when user access to it, PA block it and the "Session End Reason" is "Threat".

Does this mean PA consider this application a threat?

Thank

...

Resolved! WildFire not Blocking File with 'malicious' Verdict

Hi,

I am playing in lab with wildfire and i would like to drop file downloads that are analyzed by wildfire as malicious verdict.

I have configured the follwong wildfire submission profile.

i created a wildfire profile (copy of the default)

admin@PA-220

...

Schermafbeelding 2018-03-06 om 17.20.14.png

Mass unsubscribe

I work for an email marketing company. We have a sender who sent out 3 separate emails blast to over 1 million contacts. They had a very high unsubscribe rate. After our engineering team looked at the logs, we see that all the unsubscribes happen

...

Resolved! IP blcoking on ip scan

I wonder if there is dynamic blocking IP if on short period of time that IP did ip scan or try the same vulnerability attack on our IP range, becuse the attack was once on each policy rule it doesn't reach the vulnerability protection limit for block

...

Discussions

Welcome to the Threat & Vulnerability Discussions!

Rules and Best Practices

Resolved! False Positive AV block

Credential phishing

Resolved! Thread-Log: Virus found

Resolved! Palo Alto Negate Object Meaning

transparent mode

Vulnerability False positive: Trend Micro Installer

Risk 0 for workday and service now.

TCP SYN with data Threat logs

Resolved! Dynamic IP List import now failed

Completely puzzled - Unique Threat ID: 193986039

Threat & Vulnerability PA Vs FTD & Fortinet

Resolved! How does PA identity an application as "Threat"

Resolved! WildFire not Blocking File with 'malicious' Verdict

Mass unsubscribe

Resolved! IP blcoking on ip scan

PAN-OS logs

Are there signature release for following vulnerabilities?

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Wildfire False Positive for THREAT-ID 614284446

Unlock your full community experience!

Rules and Best Practices

Resolved! False Positive AV block

Resolved! Thread-Log: Virus found

Resolved! Palo Alto Negate Object Meaning

Resolved! Dynamic IP List import now failed

Resolved! How does PA identity an application as "Threat"

Resolved! WildFire not Blocking File with 'malicious' Verdict

Resolved! IP blcoking on ip scan