Will GlobalProtect client protect against WPA2 KRACK'd network?

Will the GP VPN client provide encryption for WPA2 sessions comprimised by the recent KRACK method?

Does that cover all the OS varients - Win, Mac, IoS, android?

I realize that only covers traffic routed back to the firewall.

ChinaCopper and General Discussion on PA Threat DB

So we get an alert today for ChinaCopper.Gen C&C inbound traffic. In doing research to see what this is, we look at the Threat DB, only to find the description of ChinaCopper.Gen to be: "This signature detects ChinaCopper.Gen Command and Control Traf

Office 365 - Poodle Vunerabilties

Threat ID - 37144 

Question or insight about Microsoft practices with not hardening against poodle.

Why am I still getting alerts for these vulnerabilities, is it because I don't have proper SSL forward proxy yet enabled? Or is it because my Office 3

Failed login attempt using guest account

Basic setup:

Palo Alto at the perimeter

Cisco ASA DMZ

Splunk collecting all logs and running reports from both Cisco and Palo Alto

Failed login reports based on the Palo Alto logs sent daily

Allowed traffic pattern

Inbound SFTP connection NAT'd to SFTP se

ACC risk factor

Looking at our ACC tab, I see that SMTP traffic has a risk of 5.  We only accept SMTP from our Symantec.cloud smart host.  It is then decrypted coming into our firewall and scanned again.  We do not decrypt outgoing SMTP, but we do have an anti-virus

Join Palo Alto Support

This is my first post.

Please help me to register for Palo Alto Support, so that I can receive e-mail alerts about Application and Threats. For the emergency content updates.

CVE-2017-6770

Hi ,

I would like to know whether Palo alto able to detect this CVE-2017-6770 since i cant find this  in threatvault .  

Is there any preventive solution from Palo Alto to safely guard this vulnerable from being taken advantage of?

Thanks.

"Informational" threat has default action of "drop-reset"

Threat 30861 "Microsoft Windows Server Service NetrServerGetInfo Opnum 21 Access Attempt" has a severity level of "Informational" but a default action of "drop-reset".  Is it common for such a low sev level threat to have such a drastic response?  It

Understanding what the widget for IP destination threats means

Hi All,

I am new to Palo Alto - and manage a network, looking through the widgets there's one for destination ip, with the Threat radio button ticked.   The widget shows lots of destinations, I have been asked the question does that mean attacks are

Houdini RAT

Hi Team,

Please let us know whether Palo Alto firewall has updated signatures to detect Houdini RAT

Thanks and Regards,

TAC

Stop vulnerability scanning based on app-id

We have created a custom app id for internal only traffic that is currently generating false positives in our vulnerability scanning.

We ideally would like to stop this particular app-id from being scanned for vulnerabilites or at least a specific vu