Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4172 Views
  • 0 replies
  • 0 Likes

SSH Brute Force

Client connects to FTP server via SSH and starts downloading. After a while, the connection stops. I see in the logs that there are multiple SSH login attempts and finally SSH Brute Force with reset-both action. What would be the reason?

HyAz45 by L0 Member
  • 2519 Views
  • 1 reply
  • 0 Likes

Resolved! false positive 626399763

https://download.visualstudio.microsoft.com/download/pr/4526499f-1262-4419-a3d2-66d1e32d18da/212c3a4edab3d8e5f5c2e38bc3d51378c9f7a4eb64409b4e2b0918dc70d0d176/Microsoft.VisualStudio.Web.Scaffolding.vsix is regarded as a virus by our firewall. Content-Version: Antivirus-4718-5236. VirusTotal does not see a malicious content.

halladm by L0 Member
  • 3229 Views
  • 1 reply
  • 0 Likes

Resolved! Are there signature release for CVE-2023-6237 etc?

Hello, I'm Atsumu Okaniwa. Are there any plans to release signatures for the vulnerabilities below? If there is a plan, I would like to know the release date as well. Also, if there are no plans, I would like to know why. CVE-2023-6237, CVE-2023-6129 It was not listed in THREAT VAULT. Also, does this vulnerability affect paloalto? Please...

Suspicious User-Agent Strings

Hi All, I have noticed a log from our Palo Alto vulnerability report that looks suspicious yet I am unaware of it. There is a threat "Suspicious User-Agent Strings" detected under the "spyware" category and "HTTP-proxy" application from Globalprotect VPN user IP to our LAN "squid proxy server". Please help me understand this traffic and if is...

Jerome.j by L1 Bithead
  • 4416 Views
  • 1 reply
  • 0 Likes

Text injection issue on firewall

Dear Team, We have a customer who is facing an issue: text injection is enabled on the firewall portal web application. We noticed during the security audit that the Palo Alto web portal is affected by text injection. We must mitigate this in accordance with compliance requirements. Kindly help me to address the issue. ...

Binary file execution error while installing Cortex XDR on Amazon Linux

Using the below user data script in an AWS EC2 instance, I tried to install the Cortex XDR agent. During this process, when I looked into the system log, I found an error: ./setup.sh: line 731: /opt/traps/bin/cytool: cannot execute binary file. Please let me know if this error affects the installation of the Cortex XDR agent and how to resolve it. Cortex XDR

Student extensive use of VPNs.

Hello Livecommunity. We are in a bind. We have numerous students on our school networks that are bypassing security profile rules with VPNs. So frustrating. I do have rulesets that look for anonymizers and proxies. I also have explicit rules that look for categories such as Facebook, Snapchat, etc... Not sure what to do. I worry that the more ru...

JCMoritz by L1 Bithead
  • 6676 Views
  • 4 replies
  • 0 Likes

Resolved! CVE-2023-38802

Hi, Regarding CVE-2023-38802, DDoS in BGP software, would this apply only to public ASNs/BGP sessions established on the public internet? I have BGP configured on PAN firewalls but am only running BGP over IPSec tunnels using private ASNs. I would think this vulnerability would not apply but didn't want to assume https://security.paloaltonetwor...

Malicious .zip file detected as "HackTool/Win32.mimikatz" by AV policy and action shows as 'reset-both' but the file was not blocked

Hello, While doing testing around our security controls, we intentionally tried to download Mimikatz onto an isolated workstation to see if Palo Alto blocks the download. Though Palo did alert with multiple threat names starting with "HackTool/Win32.mimikatz" and did show the action as 'reset-both', the file made it through onto the ...

Network

Hi Team, We have a customer who is facing an issue with Sliver Framework Command and Control Traffic Detection - ThreatID 86680. He is getting the below sync error, URL : mail.google.com/sync/u/0/i/s?hl=en&c=649&rt=r&pt=ji I have gone through the below article https://live.paloaltonetworks.com/t5/threat-vulnerability-discussions/sliver-fra...

Sliver Framework Command and Control Traffic Detection - ThreatID 86680

Hi all, has anyone seen this critical threat, which in our environment is correlated with Google Mail? This event started with content-8770-8365. I can see that PaloAlto made some changes in Modified Anti-Spyware Signatures in the release notes. It simply breaks the Gmail web-based email client. I attach an example pcap file. I assume it is a false-posi...

Resolved! Spyware Detections

Hi Community, Lately we are noticing in one of our clients' environments that PA is flagging traffic to "mail.google.com" as Spyware. The captured signature is "sliver framework command and control traffic detection". I did run the captured URL "mail.google.com/sync/u/0/i/bv?hl=en&c=31&rt=r&pt=ji" on both VirusTotal and Palo Alto...
