This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How Palo alto detect virus

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How Palo alto detect virus

soporteseguridad
L4 Transporter

‎07-04-2013 04:09 AM


Last week my client suffered a virus attack in its LAN and we have not seen anything in Palo Alto (monitor threat). I wanted to know how good is Palo Alto detecting virus and why reasons the PA didnt detect this virus. Anyone has had any similar problem.



thanks a lot

Labels:
0 Likes Likes
6 REPLIES 6

panos
L6 Presenter

‎07-04-2013 04:15 AM

You can search for the virus that you found with other vendor or etc.. using https://threatvault.paloaltonetworks.com/

maybe there is no signature for that or maybe it is false positive for PaloAlto.

VinceM
L5 Sessionator

‎07-04-2013 05:51 AM

Maybe virus didn't go through the palo or using a rule with no security profile.

v.

kprakash
L5 Sessionator

‎07-04-2013 07:11 AM

Do you have the traffic logs, and the information about the virus? In cases where the attack could have been a zero day attack, we can use the wildfire functionanlity of the PANFW to report unknown signatures to the cloud, analyze these signatures and determine if they are malicious or not.

BR,

Karthik RP

0 Likes Likes

mikand
L6 Presenter
In response to kprakash

‎07-04-2013 11:12 AM

Other things to take into account (if the download actually passed the PA) is if ssl was used or not and if so did you have ssl-decryption enabled?

If you have a copy of the malicious file you could try to upload it manually to wildfire and see which opinion wildfire has on the file in question (first login to https://support.paloaltonetworks.com):

https://wildfire.paloaltonetworks.com/

ericgearhart
L4 Transporter

‎07-25-2013 05:09 PM

can you please reply? You had a few different people who have had the courtesy of asking you for more information in this thread that you started who are trying to help you...

0 Likes Likes

ukhapre
L3 Networker

‎07-26-2013 12:35 PM

DOS protection and Zone protection is typically applied for attacks.

Make sure to apply DOS protection to the security rule.

Zone protection profile needs to be assigned to respective Zone.

Make sure the content is uptodate and security rules are using AV, Vulnerability profile.

If you find some virus which was not covered, pcaps/relevant URLs can be submitted to add the coverage.

Wildfire can be configured which can help us identify the suspicious traffic.

0 Likes Likes
  • 3894 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks