09-10-2010 08:14 AM
New virus, described here:
Is this virus recognized by the PAN devices? I'm not sure how to look that up, or I would do so myself.
If not, any thoughts on mitigating risk? I don't see .scr files in file blocking.
Thanks,
Grant
--------------
09-10-2010 08:21 AM
Palo Alto Web site > Support > Threat Database
drop down and select Virus.
I was just there looking for the same thing.
09-10-2010 08:21 AM
Palo Alto Web site > Support > Threat Database
drop down and select Virus.
I was just there looking for the same thing.
09-10-2010 08:29 AM
Thanks, it looks to me like it's not recognized.
Any thoughts on mitigation?
09-10-2010 08:31 AM
It might be listed under a different name. Trend Micro recognizes it as WORM_MEYLME.B.
09-10-2010 08:32 AM
I don't see anything on any virus. You would think you could just select from the drop down and hit enter and it would pull up a list, but I get nothing, even when I put something in there still nothing.
09-10-2010 08:39 AM
if you're not seeing anything, you're doing it wrong.
type w32 , change type to virus, hit find, and see an enormous list.
09-10-2010 08:48 AM
This was slated to be included in last night's emergency Threat/AV content release for PAN OS 3.1.x.
PAN OS 3.0.x will be addressed with next Tuesday's content release.
09-14-2010 01:24 AM
I still dont see this added into the threat database...is it known by a different name in Palo Alto land?
09-14-2010 01:44 AM
Hi,
Coverage for "Here you have" virus is as follows:
3.1
Virus Name: Trojan/Win32.swisyn.bofj
Content release: 271 (daily content release)
Release date: 5th August
Virus Name: Trojan/W32.swisyn.bxoh
Content Release: 299-364 (Daily A/V content update)
Release Date: 10th Sep
3.0
Virus Name: Trojan/Win32.swisyn.0804
Content release: 203 (weekly content release)
Release date: 25th August
Thanks,
Sandeep
09-14-2010 01:04 PM
Thanks,
What about the ability to block .scr files. It seems odd to me that there is a way to custmize nearly everything but not a way to add a file extention to the picklist???
Is .scr going to be included in some future release? Or the ability for the end user to add his own file extensions for blocking?
09-14-2010 01:07 PM
.scr files are included in the category "Portable Executables" (aka PE).
on my firewall i created a file block rule for the PE filetype in both directions.
Message was edited by: bpappas
09-14-2010 01:13 PM
Apparently the PA support guy I talked to yesterday did not know this... Is this knowledge in a document somewhere?
09-14-2010 01:43 PM
How do we search for this? looking for VBmania, or "here you have" comes up with no results.
As much as vendors have their own names for malware, its pointless when we can't search for
it so we can let our customer know they're protected.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
