FP detection - Virus/Win32.WGeneric.efgjql

Hello,

Following file is matched as malicious by the following signature Virus/Win32.WGeneric.efgjql when trying to download via Palo Alto FW.

Every other security vendor marks the file as benign, see VirusTotal

File is available via https://cdn.devo

Compromised or commonly used username found in HTTP Basic Authentication

Hi, can i get common username patterns that are getting matched with the PA signature "Compromised or commonly used username found in HTTP Basic Authentication" ??

Any links where i can get the usernames that are mapped with this signature which ar

False Positive: virus/win32.wGeneric.efbuyk

Wanted to see if anyone else was receiving false positives from virus/win32.wgeneric.efbuyk threat when utilizing Ivanti EPM for patch delivery/deployment.  

About Virus/Win32.WGeneric.eevxic

The following detections have been occurring for the past few days.
I would like to know information about this threat.
I have run a virus scan on my device and confirmed that there are no problems.
Is it a false positive?
If anyone knows, please let me

Increase in TCP SYN w/Data activity - Feb. 27

I'm seeing a significant increase in TCP SYN activity mainly from APAC region, all of which started around February 27th.  Anyone else seeing the same?

AGCInvokerUtility.exe - PA picking it up as Virus

Hi Everyone,

Our Palo Alto Anti-Virus Profile is picking up AGCInvokerUtility.exe as Virus/Win32.Wgeneric.Eedlvy(624280308). I did a quick search on Threat Vault and found the associated hash: b807502f1a0804543488c5b85a386452d6f9848bf611db01728f3d8

Cortex XDR - Coyote Trojan

Hi,

Does anyone know that Cortex XDR can detect and prevent Coyote Trojan as described by Kaspersky? https://securelist.com/coyote-multi-stage-banking-trojan/111846/

Appreciate any feedback. Thank you.

Web Application Potentially Sensitive CGI Parameter Detection

Need to check any advisory released by Palo Alto on the above mentioned Vulnerability and make sure that it does not leak any confidential information, or sensitive data will not be disclosed.

Description:

According to their names, some CGI paramet

Suspicious Remote domain account enumeration : XDR

Hello All,
We have received an alert from our XDR Platform regarding Suspicious Remote domain account enumeration : XDR , where we see the Src IP belong to Internal and the process involved is "lsass.exe" and Src Host Name being the one which is not a

Can I use a single license for Url Filtering in HA mode for palo's

Hi guys & Gals,

Thanks in advance for looking at my query.

You probably did it. or is paying for both licenses. 

The Ask is can I use a single license for URL filtering or Advance in a HA setup between two Palo's

if not; then Why Not.

SSH Brute Force

Client connects to FTP server via SSH and starts downloading. After a while, connection stops. I see in the logs that there a multiple SSH login attempts and finally SSH Brute Force with reset-both action. 

What would be the reason?