Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4171 Views
  • 0 replies
  • 0 Likes

Resolved! TID 95187 is not on my signature list

Hi, The question is related to the following vulnerability: https://security.paloaltonetworks.com/CVE-2024-3400 In it, it is said: "Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682)." However, ...

emr_1 by L5 Sessionator
  • 21888 Views
  • 16 replies
  • 1 Likes

FP detection - Virus/Win32.WGeneric.efgjql

Hello, The following file is matched as malicious by the signature Virus/Win32.WGeneric.efgjql when trying to download it via the Palo Alto FW. Every other security vendor marks the file as benign, see VirusTotal. The file is available via https://cdn.devolutions.net/download/RDMS/DVLS.2024.1.10.0.zip The signature was created on 3.4.2024, so its relat...

pgemeri by L0 Member
  • 1564 Views
  • 0 replies
  • 1 Likes

Resolved! What's the difference between antivirus signatures and WildFire signatures

Hi, I'm trying to understand the difference between antivirus signatures and WildFire signatures. To my understanding, antivirus signatures identify known malicious files based on the signatures in the antivirus database. 1- But what signatures does the WildFire database contain? Are they signatures to identify supported file types that ca...

r9i0a0d by L0 Member
  • 6619 Views
  • 3 replies
  • 0 Likes

About Virus/Win32.WGeneric.eevxic

The following detections have been occurring for the past few days. I would like to know information about this threat. I have run a virus scan on my device and confirmed that there are no problems. Is it a false positive? If anyone knows, please let me know. Threat ID: Virus/Win32.WGeneric.eevxic (629803323), Application: pop3

nakasys by L0 Member
  • 2377 Views
  • 1 replies
  • 0 Likes

Resolved! EDL Dynamic Domain list that is allowed in Anti-spyware profile> DNS Polices is getting sinkholed

We have four VM-300 firewalls configured as DNS proxy with DNS Security, where all our users (around 65K) use them as a DNS resolver. The PAN-OS version we are running is 10.1.11-h4. We have configured a couple of EDL custom domain lists, one to allow domains otherwise blocked by PA's DNS signature and one to block domains that our security ...

Dereje by L1 Bithead
  • 4582 Views
  • 1 replies
  • 0 Likes

AGCInvokerUtility.exe - PA picking it up as Virus

Hi Everyone, Our Palo Alto Anti-Virus Profile is picking up AGCInvokerUtility.exe as Virus/Win32.Wgeneric.Eedlvy (624280308). I did a quick search on Threat Vault and found the associated hash: b807502f1a0804543488c5b85a386452d6f9848bf611db01728f3d8c23a212c9 which, as per VirusTotal, is malicious as well. However, when you do a search on the AG...

Web Application Potentially Sensitive CGI Parameter Detection

Need to check any advisory released by Palo Alto on the above-mentioned vulnerability and make sure that it does not leak any confidential information, or that sensitive data will not be disclosed. Description: According to their names, some CGI parameters may control sensitive data (e.g., ID, privileges, commands, prices, credit card data, etc.). ...

Suspicious Remote domain account enumeration : XDR

Hello All, We have received an alert from our XDR Platform regarding "Suspicious Remote domain account enumeration : XDR", where we see the Src IP belongs to an internal host, the process involved is "lsass.exe", and the Src Host Name is not an internal one. Login Auth Process: NTLM; Login Outcome: Failure; Login Outcome reason: User name doe...
