Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4171 Views
  • 0 replies
  • 0 Likes

Open port 9339 - CVE-2016-2183

Hi, after updating the PA to version 11.1.0 (we are currently using version 11.1.1, but the problem still exists), Nessus discovered open TCP port 9339 and alerted about the SWEET32 vulnerability (screen attached below). It is weird, because port 9339 is up despite the fact that LLDP is disabled in our configuration (screen attached below):


Resolved! Geolocation Address Groups

Does anyone know if you can create Geo-location address groups? I want to create a group for all the bad Countries instead of having to add all the Countries to every Geo-location rule. Example: Add Russia, Crimea, North Korea, Iran, etc. into a "Bad Countries" group, then apply that group to my inbound / outbound Geo-fencing rules. As of now ...

JeffNeff by L0 Member
  • 6139 Views
  • 2 replies
  • 1 Likes

Azure Microsoft Defender Security Warnings

Recently Microsoft Defender for Cloud has started reporting various files in our Palo Alto as malware. The most recent one today is hdd/mfa1z5om.aa2/tmp and hdd/mfa1z5om.aa2/usr/sbin as Trojan:Linux/Casdet!rfn. There have been daily alerts with various types of malware over the last week. Is this an actual infection, or is it just detecting the v...

VA issue

Is there any way to solve these VA issues?
1) 90317 - SSH Weak Algorithms Supported
2) 42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
3) 70658 - SSH Server CBC Mode Ciphers Enabled
4) 71049 - SSH Weak MAC Algorithms Enabled
Kindly help please. Thank you

Vector by L0 Member
  • 5617 Views
  • 2 replies
  • 0 Likes

Can you setup a failure grace period for CI image scans based on first found date

I'm looking for a way to set a failure grace period for CI image scans based on the first found date. I see in the rulesets you can set a failure grace period based on the first fix date. For example, if we were to set an expectation that any high finding needs fixed within 30 days of being detected (from the initial scan date), and we don't ...

Threat Prevention Rules, Exceptions, Default Actions Precedence

I want to confirm the order of precedence for security profile rules, default actions, and exceptions. For example, the default action for the SSH User Authentication Brute Force Attempt threat is alert. However, the threat profile rule associated (simple-server-high) has an action of reset-both. I think the rule action will override the defa...

Many threats for DNS blocklists fresh.fmb.la and support-intelligence.net

Two DNS blocklists used by standard SpamAssassin 4.0 have many Palo Alto threat IDs for wildfire, malware and phishing. Blocklists are not phishing sites; they return DNS values so mail servers can decide whether to block or not. They are especially needed for the evaluation of URIs in mails. /var/lib/spamassassin/4.000000/updates_spamassassin_org/72_acti...

kivory by L0 Member
  • 2398 Views
  • 0 replies
  • 0 Likes

Resolved! Wildfire False Positive for THREAT-ID 614284446

FILE HASH: 9329f42ac6f2c7470c070863af04572c9f32148c1d86cdbb6e0e301c7f5d780e
Link To Virus Total: LINK
This file -- MSJT4JLT.DLL -- is being detected as wildfire-virus and blocked by WildFire, but the VirusTotal link and the WildFire portal itself categorize it as BENIGN. The Threat ID shows as 614284446, but the hashes do not match in Threat Vault....

False Positives

I am looking to clear out the false positive Virus/WIN32.WGeneric.edxqeb from the Palo Alto summary report. I went into the WildFire report in the firewall and added a rule to block it, but it still shows up on the report. Also, does anyone know how I can obtain the hash for the false positive? Thank you in advance.

S.Aklil by L1 Bithead
  • 2907 Views
  • 1 replies
  • 0 Likes

Bitdefender update file detected as "Virus/Linux.WGeneric.efxlnj"

Palo Alto is detecting the file transfer from the Bitdefender server to clients as a virus, and the traffic is being blocked. The file is a legitimate Bitdefender file used for updating Bitdefender Linux agents; the hash of the file is not detected as malicious on VirusTotal. Intrusion detection name: Virus/Linux.WGeneric.efxlnj

CyrilJoy by L0 Member
  • 2112 Views
  • 0 replies
  • 0 Likes