Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4171 Views
  • 0 replies
  • 0 Likes

Resolved! dns sinkhole rule

Hi all, we are in a dilemma. We have enabled DNS sinkhole in our anti-spyware profile: DNS Sinkhole > DNS Policies > default-paloalto-dns > sinkhole enabled. DNS Sinkhole Setting > IPv4 > X.X.X.X. Now, this profile is also added to our security profiles used in all rules, meaning we have all rules with a DNS policy. Our ma...

Vulnerability Assessment-CVE-2022-0778

Hi, we have CVE-2022-0778 affecting a couple of our boxes and we are in the midst of patching as well. Apparently, we don’t have SSL inspection enabled on any of our boxes, hence we would like to confirm if there is any impact to us. We need to confirm whether it will affect devices that are not doing OpenSSL checks. As based on CVE-2022-0778 it only ...

Resolved! Blocking Scammer website (cryptocurrency)

I stumbled across this article on Bleeping Computer: https://www.bleepingcomputer.com/news/security/tiktok-flooded-by-elon-musk-cryptocurrency-giveaway-scams/ To my surprise, the URLs mentioned in the article were considered safe. Palo Alto had these categorized as, for example, Stock-Advice-and-Tools, Low-Risk, Newly-Registered-Domain. So I figu...

Remko by L1 Bithead
  • 9429 Views
  • 7 replies
  • 0 Likes

Cortex XDR Remote account enumeration

Hello, today we have an interesting alert: "At least 33 distinct non-existing accounts failed to remotely log in to XX-Laptop1. Users list: name.user, user name, user.name, username". The user has no idea; they were at school all day, behind NAT. What I cannot really understand is how terminal service can be used when the user is behind NAT and there is no port forwar...

LukasB by L2 Linker
  • 5877 Views
  • 3 replies
  • 1 Likes

out of date CVEs

I am curious about the listing of vulnerabilities in the vulnerability assessment. It seems like it is catching old, outdated CVEs and attaching them to fully updated machines. For example, I have numerous machines showing a vulnerability CVE-2023-21812, which is updated via update kb5025022899, but that update is superseded by update kb50237...

Apps and Threats Mismatch

Hi All, I have a pair of Panorama-managed firewalls configured in an HA setup. However, I'm observing a mismatch in the App and Threat versions across both devices. Although the "Synch To Peer" option is enabled in the App and Threat schedule settings, they both appear to be running different versions (please see attachments for reference) ...


Blocking external IP addresses and blacklists

Hi, I have some questions regarding PAN-OS and blocking IP addresses. We are getting daily emails with lists of IPs that are port scanning and probing the FW. The customer wants all these addresses blocked. For example, over the last 2 weeks I have around 60 addresses to add. At the minute the process is to add each IP under Objects > Add...

lukerath by L0 Member
  • 31597 Views
  • 11 replies
  • 0 Likes

Virus alerts on odd files in July 2023

Our SIEM has received several virus alerts from the Palo firewall since mid-July. The AV or WildFire has flagged Adobe and Microsoft files. And now a website for a digital transformation and process company, smartupload.sutherlandglobal.com. Alerts include: Virus/Win32.WGeneric.dzuhnx (#s removed) was detected at Microsoft.VisualStudio.We...

Resolved! False Positive

Please remove our domain from any blacklists: https://forms.clickup.com We were informed by a number of joint customers that our domain was being blocked by Palo Alto NGFW, classified as a High Risk phishing site and ultimately being blocked from access. We take the security of our solution very seriously and actively work to remove reported malic...
