Cortex XDR: How to block execution of some unwanted apps

Hello All, We have observed some unwanted applications( Any desk, WhatsApp) used by end users in customer environment. Is there any way apart from blocking the hash present in cortex console which will block the execution of such files. Thanks in advance. Regards, Sakshi Seth

When logging into the community can I turn off the email a code?

Whenever I want to log into the palo alto networks community, it asks to email a code to my email address. Sometimes I think it already did but nothing came, but in reality I never clicked the button to send the email. Is there a way to turn that off, or maybe do a push notification to Duo instead? This is why I use the r/paloaltonetworks subr...

Day 1 Configuration of PAN-410 model firewall

I created day 1 config file for my PA-410 model firewall and loaded the configuration. But while commiting Got below error: "email-scheduler -> Possible Compromise -> report-group 'Possible Compromise' is not a valid referenceemail-scheduler -> Possible Compromise -> report-group is invalid " When I double checked the file I downlo...

Device Control Violations

how to download Device Control Violations data from the cortex

Enable Device Telemetry with error message : Send File to CDL Receiver Failed

Hello, I have PA VM100 with PAN OS 10.2.2. Enabling Telemetry and setting up the Telemetry Region as Americas. The status for Device, Product and Threat is always "Failed" with message "Send file to CDL Receiver Failed" Any advise, suggestion or how to troubleshoot this much appreciated Thanks

I have a Premium Account but can figure out how to open a trouble ticket... the Portal Changed PLEASE HELP... So frustrating...

Strange behaviour via Palo Alto Firewall.

Could someone explain why this site would fail via our firewalls, it works fine local and split tunnel. I would imagine it's to do with encryption levels as wireshark shows a few cypher spec changes during the handshake.. FYI.... SSL Proxy / decryption is switched off for this site and aplication is set to any and is classified as education/low ...

palo alto block page not showing

Running panos 10.1.8 on vm-300. a blocked https page gives user -This site cannot be reached rather than palo block page notification. Is this because ssl decrytpion is not enabled and is required to get block page notification for https url which are supposed to be blocked via url filtering.

PA440 not shuting down instead getting rebooted after sometime .

Hello I am trying to shutdown the device using CLI and GUI but it is getting reboot after some time . Click on Device tab > Setup link > Operations tab. Click on shutdown device under device operation shutdown command (request shutdown system) in the CLI. PAN-OS 10.2(10.2.3-h4), Please help me with the issue .

LACP betweeb PA3400 and Cisco Switch

I have config LACP between PA3400 and Cisco Switch everything work fine implement test on standalone mode Cisco eth1/1 (po1)<----> PA eth1/1 (ae1) Cisco eth1/2 (po1)<----> PA eth1/2 (ae1) All traffic can use normally until we test shutdown or unplug one of member on firewall . Result : traffic is dropped 1 timeout My question : this...

how to block facebook and instagram on mobile

how to block facebook and instagram on mobile, currently it is blocked in browsers but not in mobile applications

Limiting Access to Office365 only

Hi All, So we have a PA FW with PANOS 9.1.x We have a requirement for a specific inside vlan to have internet access to office365 only (teams,outlook etc etc).. tried with app-id using the office (365-enterprise-access and consumer) access to no avail, Suspect this did not work due to the FW not able to decrypt the ssl traffic. we also do not ha...