Filename field is empty on threat log

Pradeepkumar064 · ‎03-20-2020

Dear Patrons,

There are two IPS in place with following configuration.

Objects > Security Profiles > Antivirus (Reset- Both)
Objects > Security Profiles > Anti-Spyware (no detail found)
Objects > Security Profiles > Vulnerability Protection (Reset- Both)

But we noticed that one IPS shows the filename in threat log (setup.exe) but in other IPS the filed is empty.

Threat name: (common on both the IPS) virus/win32.wgeneric

Dynamic updates are same on both the Firewalls.

Someone let me know what's odd in here?

Best Regards,

Pradeep

Coxje · ‎04-08-2020

Hey Pradeepkumar064,

I am running into the same issue. This might help.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boOXCAY

View solution in original post

reaper · ‎03-23-2020

hi pradeep

do you have a file blocking profile in place ?

a filename will only appear in the log where the filename is relevant

in a threat profile you are unlikely to encounter filenames as it is focussed on network layer attacks. antivirus and antispyware target 2 different types of threats so one may find something in a file whil ehte other doesn't match or finds something else

without more concrete examples of what you're facing it's difficult to give you a more solid answer

reaper - PANgurus.com
I drink and I know things

Pradeepkumar064 · ‎03-25-2020

@reaper

Thanks for your kind response, let me collect the required details and reach out to you.