This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Virus/spware download blocked but no threat logs

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.

Virus/spware download blocked but no threat logs

faizankhurshid
L3 Networker

‎02-19-2018 10:27 AM

Hi

 

When users are accessing internal portal then they are getting "Virus/spware  download blocked" on browser with file name (althrough they are not accessing this file) but there is no virus/spyware logs in threat monitor tab.

 

Any pointers how to fix this?

0 Likes Likes
5 REPLIES 5

Raido_Rattameister
Cyber Elite
Cyber Elite

‎02-19-2018 11:00 AM

You have identified that this block page is presented by Palo?

All your security policies have "Log at Session End" checked on Actions tab?

Do you see those threat events in ACC? Be aware ACC has 15 minute delay.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
0 Likes Likes

faizankhurshid
L3 Networker
In response to Raido_Rattameister

‎02-19-2018 12:11 PM - edited ‎02-19-2018 12:15 PM

@Raido_Rattameister thanks. 

 

You have identified that this block page is presented by Palo? 

Yes becuase it is the default block page by Palo Alto firewall 

 

All your security policies have "Log at Session End" checked on Actions tab? Yes  I double checked that

Do you see those threat events in ACC? Be aware ACC has 15 minute delay. 

I cannot see this here but I can see "others" with count 10

0 Likes Likes

BPry
Cyber Elite
Cyber Elite

‎02-19-2018 02:39 PM

@faizankhurshid,

Have you taken a packet capture of the effected machine just to verify that they truthfully aren't trying to access the file-name indicated? It could be that the machine is infected with spyware/malware and they are trying to inject something into the browser page, or that they are getting redirected to a download page other than the page they were hoping to go to? 

0 Likes Likes

faizankhurshid
L3 Networker
In response to BPry

‎02-19-2018 09:45 PM

@BPry thanks but why I am not getting threat logs for this 😞

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to faizankhurshid

‎02-20-2018 05:53 AM

@faizankhurshid,

That would depend on your configuration; what does your security profile assigned actually look like? 

0 Likes Likes
  • 4806 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks