Zero Access question

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Zero Access question

Not applicable

Hi,

I am new to this website, so I apologize if this is in the wrong location.

Can someone clarify for me what the ZeroAccess alert in the Palo Alto is triggering upon? How do I review the signature?

Thank you for you assistance.

8 REPLIES 8

L4 Transporter

Depending on which ID it is giving you, you can look in the threat vault for a description:

https://threatvault.paloaltonetworks.com/

For example, here is a listing for the first ID (13298):

https://threatvault.paloaltonetworks.com/Home/ThreatDetail/13298

L6 Presenter

Hi Fred,

End user has no access to signatures. "ZeroAccess" is a category where Trojan Horse hides itself. PANW can verify each exe if proper policies are applied. And can detect Trojan hourse.

Provide me more specific detail query on "ZeroAccess Alert".

Regards,

Hardik Shah

Not applicable

This is the alert we are seeing.   I just want a better idea what it is triggering on.  We had another system which gave us many many false positive ZeroAccess alerts.  Before I start pulling computers for malware analysis, I want to find out what is causing this to trigger.

Thanks.

Name:ZeroAccess.Gen Command and Control Traffic
ID:13235
Description:  This signature detects ZeroAccess.Gen Command and Control Traffic. 

Hi Fred,

System is under botnet attach, please refer following link.

https://threatvault.paloaltonetworks.com/Home/ThreatDetail/13235

Let me know for additional query.

Regards,

Hardik Shah

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!