Hello everyone, question:
I have been seeing this in the Threat Monitor area. I just need someone to verify what I am seeing is correct.
This shows me that the action was reset-both, which tells me the file never got inside.
When I look at the Detailed Log View it shows something else. I am thinking that the issue was not reset but the file did get downloaded. If anyone can help me with this, that would be great.
I sorted this by received time, so what I am thinking is the file has been downloaded.
Here is Type sorted the same way.
Here is Bytes sorted the same way too.
Also, when I look at the Destination area you can see that all is filled out except the Victim Name.
Help with understanding all this please.
Palo performs stream-based antivirus.
If it finds a virus inside a file while it is passing by, it will reset the connection.
Even if the client received the beginning of the file it is not an issue - as long as the whole file was not transferred it will not be executed.
You can check the Data Filtering log to see if this session transferred any file through the firewall.
As @Raido_Rattameister mentions, the firewall does not proxy connections, but instead allows packets to flow through and scans them for behavior and threats as they pass through. If abnormalities or threats are detected, the flow will be interrupted or corrective action is taken, depending on the need (e.g. threats are dropped/reset, while URL filtering is injected with a redirect to a block page, etc.).
First, sorry Raido, I did not see you posted something here.
Thank you for the information.
I did check the Data Filtering log and I see the action was allow; this traffic was filtered but allowed here.
But since there was a reset-both action, that means the file got reset on both sides, so no one got the infected file on their computer, right?