This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
attacking site and PAN
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- attacking site and PAN
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
attacking site and PAN
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-16-2014 12:48 AM
Hello
Few days ago I discovered site with some information about VMware Update Manager. I had a problem with it and I was searching for solution.
This site is www.bourgelat.net/cannot-patch-definitions-vmware-19988
I have PA with all licences but PAN software doesnt detect any bad traffic 
I asked PAN to change categorization to malware site, but today I got email : New category: computer-and-internet-info
This site still trying to hurt Your computer, and PAN doesnt responds to it - is it OK?
I have security policy with thread prevention/av - but it doesnt stops it, hopefully my Symnatec Endpoint protection detecting it and blocking.
You can try to open www.bourgelat.net - this isn't https so in my opinion PAN should react in some way to this traffic.
Do You agree with me?
How it's possible when IE 10 with default configuration recomends to not enter to this site while PAN recategorization is computer-and-internet-info ?
Regards
Slawek
Labels:
- Labels:
-
Troubleshooting
13 REPLIES 13
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-17-2014 01:22 PM
I can't verify it now, but probably - yes.
Today "www.bourgelat.net/cannot-patch-definitions-vmware-19988" isn't accessable but please try with www.bourgelat.net Please try with it.
I will check my security rules, but I'm sure that I blocing medium and critical threats.
Regards
SLawek
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-17-2014 01:26 PM
I don't see anything threatening on www.bourgelat.net
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-17-2014 01:37 PM
Although a google search for "www.bourgelat.net malware" shows very suspicious results...
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-19-2014 09:04 AM
Here You are report from today (SEP):
is it a false positive?
Regards
Slawek
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-19-2014 04:52 PM
Slawek,
We deal with situation by having two custom URL categories:
1. Temporary-Blocked = this allows you to immediately block it while you wait for a reclassification request to be processed by Palo Alto.
2. Custom-Blocked = This allows you to override the Pan-DB or Brightcloud category. Additionally you can use it to block parts of an otherwise good website.
Hope this provides a way to react quicker. It works quite well for us.
Phil
Related Content
- Site-to-Site IPsec vpn tunnel interface another MTU in General Topics
- IP Sec VPN Paloalto - Starlink in General Topics
- Google Chrome Geolocation in General Topics
- What is Threat ID 40033 "DNS ANY Queries Brute Force DOS Attack" in Threat & Vulnerability Discussions
- IKE phase 1 not working in General Topics
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks