Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4172 Views
  • 0 replies
  • 0 Likes

Vulnerability scan showing CVE-2008-4309 - SNMP 'GETBULK' Reflection DDoS

Not seeing anything on this anywhere I search. Nessus is showing CVE-2008-4309 - SNMP 'GETBULK' Reflection DDoS on our PA-1410 on 11.0.3-h10. Nessus was able to determine the SNMP service can be abused in an SNMP Reflection DDoS attack: Request size (bytes): 42; Response size (bytes): 2341. Not sure what I should do to remedy this alert. Than...

Executable blocking on a network drive

Cordial greetings, Team. Currently some users are trying to download an .exe file located in a server directory path. As I mentioned, the download is using the ms-ds-smbv3 protocol and is being stopped by the File-Blocking profile. We have performed the exclusion by creating a URL category (assuming the download was done by querying a URL), but evi...

aalfaro by L2 Linker
  • 2739 Views
  • 1 replies
  • 0 Likes

Resolved! Alert on domain fronting attempt

Hello, has someone already tried to simulate a domain fronting attack to see if the firewall correctly identifies it? I have tried on a PAN-OS 10.1 FW. It correctly sees the host in the header and applies the URL filtering policy to it, but does not alert in the threat log even though I have enabled alert on all threats. Regards, Cedric

Cedricd by L1 Bithead
  • 4785 Views
  • 1 replies
  • 0 Likes

security profile malfunction detection

Does anyone have any good log events to key on for notifying when a security profile (antivirus, anti-spyware, vulnerability protection, url, file blocking, wildfire) may not be functioning properly? I am thinking maybe trying to identify the log event for when dynamic updates have failed to install, and trying to alert when configuration chang...

Resolved! Threat ID: 640412733 - Virus/Win32.WGeneric.efuusy -> is this also a False Positive?

Hi everyone, since 2024-05-16 we see this threat in our logs until 2024-05-21, together with the Application "adobe-creative-cloud-base", Filename: 'Adobe Creative Cloud Diagnostics.exe' (direction is server-to-client). At https://threatvault.paloaltonetworks.com/ there is less information about this. Create Time: 2024-05-15 14:07:08 (UTC). Has some...

URL Filtering Lookup Site Hosting

Has anybody noticed if the location of the Palo Alto URL Filtering test site has moved? We were previously able to use this to lookup classifications of URLs, but recently we have not been able to. Our geo-blocking policy prevents our traffic going outside of the US; everything that I'm finding regarding this site says it's hosted in the Netherl...

Using XDR to detect and mitigate TunnelVision exploit - Anyone out there started to plan for this?

We have recently become aware of the TunnelVision vulnerability (link to Ars Technica article on it: https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ ) and are looking for ways to be proactive. Wondering if anyone else in the community is aware of this and if you had any thoughts ...

7zip false positive

Hello. I'm 99% sure this is a false positive. I installed 7zip 1 year ago, no updates. Información de la aplicación: Nombre de aplicación: 7-Zip GUI Versión de aplicación: 23.1.0.0 Publicador de aplicación: Igor Pavlov ID de proceso: 48668 Ubicación de aplicaciones: C:\Program Files\7-Zip\7zG.exe Línea de comando: "C:\Program Files\7-Zip\7zG.exe" ...

SNMP Agent Default Community Name (public)

The community name of the remote SNMP server can be guessed. It is possible to obtain the default community name of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications). Plugin Output: The...

cytray.exe "bad image" errors following Agent update

Following the Cortex XDR Windows agent update to 8.3.0.49434 we started to see the following error affecting some application DLLs. Clicking OK makes the message go away and the application keeps working. A TAC case was logged and a temporary Support Exception was added and applied to some affected hosts. This seemed to stop the error. Wondering ...

cskoien by L2 Linker
  • 55639 Views
  • 44 replies
  • 3 Likes

Query regarding CVE-2024-3400

Hi Team, please help me to understand the below: Firewall 1 - 10.2, GP portal & gateway, device telemetry enabled; Firewall 2 - 10.2, only GP portal & gateway, no device telemetry enabled; Firewall 3 - 10.2, no GP portal and gateway, only device telemetry enabled. Firewall 1 will be impacted by this vulnerability. Please confirm if...

CVE-2024-3400 Unit42 Threat Brief / Private Data Reset

Unit42 updated the threat brief at Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 (Updated April 22) (paloaltonetworks.com) on 22 April to include remediation steps for each observed level of exploit attempt. The recommended remediation for a Level 2: Potential Exfiltration is to hotfix the affecte...

mb_equate by L3 Networker
  • 2364 Views
  • 0 replies
  • 0 Likes

Query for CVE-2024-3400

Hello Team, the workaround for the mentioned vulnerability is to install the latest Applications and Threats content version. Applications and Threats content version 8833-8684 is already installed in our firewall; could you please confirm whether our firewall is affected? Do we need to check anything else?
