Azure Microsoft Defender Security Warnings

Recently Microsoft Defender for Cloud has started reporting various files in our palo alto as malware. The most recent one today is hdd/mfa1z5om.aa2/tmp and hdd/mfa1z5om.aa2/usr/sbin as Trojan:Linux/Casdet!rfn. There have been daily alerts with vario

AcrobatDCx64Manifest3.msi from Akamai 23.200.196.138 detected as ml-virus

VA issue

Is there anyway to solve those VA issue?

1) 90317 - SSH Weak Algorithms Supported

2) 42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)

3) 70658 - SSH Server CBC Mode Ciphers Enabled

4) 71049 - SSH Weak MAC Algorithms Enabled

Kindly help plea

Can you setup a failure grace period for CI image scans based on first found date

I'm looking for a way to set a failure grace period for CI image scans based on the first found date. I see in the rulesets you can set a failure grace period based on the first fix date. 

For example, if we were to set an expectation that any high

Threat Prevention Rules, Exceptions, Default Actions Precedence

I want to confirm the order of precedence for security profile rules, default actions, and exceptions.  For example, the default action for the SSH User Authentication Brute Force Attempt threat is alert.  However, the threat profile rule associated

Many threats for DNS blocklists fresh.fmb.la and support-intelligence.net

Two DNS blocklists used by standard SpamAssassin 4.0 have many Palo Alto threat IDs for wildfire, malware and phishing. Blocklists are not phishing sites but give back DNS values to decide if should be blocked by mailservers or not. Especially needed

False Positives

I am looking to clear out the false positive: Virus/WIN32.WGeneric.edxqeb from the Palo Alto summary report. I went into the WildFire report in the firewall an added a rule to block it but it still shows up on the report. Also does anyone how I can o

Bitdefender update file detected as "Virus/Linux.WGeneric.efxlnj"

Paloalto is detecting the file transfer from from Bitdefender server to clients as virus and the traffic is been blocked. The file is a legit Bitdefender file used for updating Bitdefender Linux agents, the hash of the file is not been detected as ma

Vulnerability scan showing CVE-2008-4309 - SNMP 'GETBULK' Reflection DDoS

Not seeing anything on this anywhere I search. Nessus is showing CVE-2008-4309 - SNMP 'GETBULK' Reflection DDoS on our PA-1410 on 11.0.3-h10. 

Nessus was able to determine the SNMP service can be abused in an SNMP
Reflection DDoS attack :
Request siz

Executable blocking on a network drive

Cordial greetings

Team

Currently some users are trying to download an .exe file located in a server directory path.

As I mentioned, the download is using the ms-ds-smbv3 protocol and is being stopped by the File-Blocking profile. We have performed th

security profile malfunction detection

Does anyone have any good log events to key on for notifying when a security profile (antivirus, anti-spyware, vulnerability protection, url, file blocking, wildfire) may not be functioning properly?  I am thinking maybe trying to identify the log ev

URL Filtering Lookup Site Hosting

Has anybody noticed if the location of the Palo Alto URL Filtering test site has moved?

We were previously able to use this to lookup classifications of URLs, but recently we have not been able to.

Our geo-blocking policy prevents our traffic going o