Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:
Rules and Best Practices
  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4172 Views
  • 0 replies
  • 0 Likes

Resolved! File Blocking - .exe vs .exe

I was testing file blocking before implementation and .exe does not get entirely blocked. Two different exe files: one from Microsoft does not get blocked while another from NirSoft gets blocked. Is there a difference in what kind of exe files get blocked? And what about other file types, do they also behave the same? https://docs.microsoft.com/en-us/sy...

raji_toor by L4 Transporter
  • 13812 Views
  • 4 replies
  • 0 Likes

Getting report on unblocked vulnerability attacks?

I am on PA 8.0.4. If I go to ACC - Blocked activity, I can see what we are blocking. Is it possible to generate a report of unblocked threats? Potential attacks that get through because of policy rules? It would be nice to generate not just a general attack report, but a report of potential attacks that my policies are not blocking. Tim

tyler by L1 Bithead
  • 4968 Views
  • 1 replies
  • 0 Likes

DNSProxy - Resolve-Fail - cpsc.gov

Warning: very new to PANOS. I'm seeing a TON of these messages, to the tune of about 2-300 per second in my system log: "Failed to resolve domain name: cpsc.gov after trying all attempts to name server(s): mynameserverinternalip". I've read that this domain is a popular one and used in DoS-style attacks. Should I worry or ignore this? Can I prev...

HavisIT by L0 Member
  • 5140 Views
  • 0 replies
  • 5 Likes

Flurry of Ramnit Detections

Around 04:00-05:00 yesterday my users triggered a series of Ramnit detections which were blocked, but when I looked at the logs it seems a bit unclear. The threat logs are reporting that the file postprocess.dll carried the malware, but tying the URL logs up using the times and src/dst IP addresses, I can only see automatic downloads by Creati...

djr by L4 Transporter
  • 3690 Views
  • 0 replies
  • 0 Likes

SFTP SCP malware not found and blocked on firewall

I took a test for SFTP/SCP file transmission, but I can't see anything in our logs. I knew about SSH decryption and I tried it, but to no use. I don't know how to understand SSH decryption (no threat checking for SSH tunnel); actually I don't have an SSH tunnel. And the Antivirus decoders, since the decoders don't have an SFTP coding scheme. What I have in mind is there are...

DannyDai by L1 Bithead
  • 4527 Views
  • 0 replies
  • 0 Likes

Resolved! Pattern of network vulnerability scanning coming from all over the world

In the last month or so we have seen lots of network vulnerability scanning for the following 3 Threat IDs coming from all over the world:
  • MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability (30426)
  • WebUI mainfile.php Arbitrary Command Injection Vulnerability (38836)
  • Wireless IP Camera Pre-Auth Info Leak Vulnerability (33556)...

CTW1983 by L2 Linker
  • 11724 Views
  • 2 replies
  • 0 Likes

ChinaCopper and General Discussion on PA Threat DB

So we got an alert today for ChinaCopper.Gen C&C inbound traffic. In doing research to see what this is, we looked at the Threat DB, only to find the description of ChinaCopper.Gen to be: "This signature detects ChinaCopper.Gen Command and Control Traffic." No other information, and no matter how I search the Internet I only get information o...

GStach by L0 Member
  • 11234 Views
  • 1 replies
  • 1 Likes

Office 365 - POODLE Vulnerabilities

Threat ID - 37144. Question or insight about Microsoft practices with not hardening against POODLE. Why am I still getting alerts for these vulnerabilities? Is it because I don't have a proper SSL forward proxy enabled yet? Or is it because my Office 365 tenancy is hosted out of the UK, which is often 5 steps backwards in ramping up and fixing vulns? I...

CZaloba by L0 Member
  • 3842 Views
  • 0 replies
  • 0 Likes

Failed login attempt using guest account

Basic setup:
  • Palo Alto at the perimeter
  • Cisco ASA DMZ
  • Splunk collecting all logs and running reports from both Cisco and Palo Alto
  • Failed login reports based on the Palo Alto logs sent daily
Allowed traffic pattern:
  • Inbound SFTP connection NAT'd to SFTP server using SSH key authentication
So, we allow SFTP traffic through the firewall into the SFTP se...

ACC risk factor

Looking at our ACC tab, I see that SMTP traffic has a risk of 5. We only accept SMTP from our Symantec.cloud smart host. It is then decrypted coming into our firewall and scanned again. We do not decrypt outgoing SMTP, but we do have an anti-virus scanner on our exchange server that scans emails, and we only allow Outbound SMTP through our sm...

Resolved! Cascading URL Filters?

To the world: when creating a Security rule for a specific user (call it a rule to permit access to dodgy websites), what's involved in "cascading" the rule, so that if there are no matches on that rule, that same user would be challenged against a General Web Access rule? Is it possible to cascade the rules? Regards, Christopher
