Threat & Vulnerability
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform. (478 Posts)

Traps Advanced Endpoint Protection prevents cyber breaches by protecting and enabling users to conduct their daily activities, and automating prevention by autonomously reprogramming itself using threat intelligence gained from WildFire. (348 Posts)

A forum to ask or share about Data Loss Prevention (DLP) strategy. DLP ensures sensitive or confidential information doesn't leak outside of the corporate network. Let's rethink DLP together. (11 Posts)

This forum is to discuss Palo Alto Networks' Next-Generation CASB, an integrated, multi-faceted CASB solution that helps security teams meet the security challenges of today. (10 Posts)

Discussions about IoT Security, aka the Internet of Things: a cybersecurity strategy that safeguards against the possibility of cyberattacks which specifically target physical IoT devices that are connected to the network. (20 Posts)
Hi,
I'm trying to understand the difference between the antivirus signatures and WildFire signatures. To my understanding, antivirus signatures identify known malicious files based on the signatures in the antivirus database.
1- But what signatures
...
Following the Cortex XDR Windows agent update to 8.3.0.49434 we started to see the following error affecting some application DLLs.
Clicking OK makes the message go away and the application keeps working. A TAC case was logged and a temporary Support
...
Started getting false positives on our SCCM server after a repackaging of the Microsoft Office 365 source; it looks to be specifically on the data file for the Microsoft Stream client. VirusTotal comes up clean.
The following detections have been occurring for the past few days.
I would like to know information about this threat.
I have run a virus scan on my device and confirmed that there are no problems.
Is it a false positive?
If anyone knows, please let me
I'm seeing a significant increase in TCP SYN activity mainly from APAC region, all of which started around February 27th. Anyone else seeing the same?
Hi,
After updating PA to version 11.1.0 (currently we are using version 11.1.1, but the problem still exists), Nessus discovered open TCP port 9339 and alerted about the SWEET32 vulnerability (screen attached below).
It is weird, because port 9339 is u
...
Traps Linux agents are available for several Linux distributions, including CentOS and Red Hat Enterprise.
Are there any plans on supporting Fedora Linux platform?
You might think it should install, because it's virtually the same as Red Hat Enterpris
...
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodul
...
We have four VM-300 firewalls configured as DNS proxy with DNS Security, where all our users (around 65K) are using them as a DNS resolver. The PAN-OS version we are running is 10.1.11-h4.
We have configured a couple of EDL custom domain lists, one to
...
Hi Everyone,
Our Palo Alto Anti-Virus Profile is picking up AGCInvokerUtility.exe as Virus/Win32.Wgeneric.Eedlvy(624280308). I did a quick search on Threat Vault and found the associated hash: b807502f1a0804543488c5b85a386452d6f9848bf611db01728f3d8
...
Hi,
Does anyone know whether Cortex XDR can detect and prevent the Coyote Trojan as described by Kaspersky? https://securelist.com/coyote-multi-stage-banking-trojan/111846/
Appreciate any feedback. Thank you.
Need to check any advisory released by Palo Alto on the above-mentioned vulnerability and make sure that it does not leak any confidential information and that no sensitive data will be disclosed.
Description:
According to their names, some CGI paramet
...
Hello All,
We have received an alert from our XDR platform regarding "Suspicious Remote domain account enumeration: XDR", where we see the Src IP belongs to an internal host, the process involved is "lsass.exe", and the Src Host Name is one which is not a
Hi everyone,
I have a problem with Cortex (Lted process) retaining deleted files, which saturates the disk and causes disk space problems on a server (CentOS). These files are processing files that are used once and deleted by an application runnin
...