11-29-2023 12:41 AM - edited 11-29-2023 01:39 AM
Hi team,
Although MS-Update was flagged as a threat, there are no corresponding entries in the threat logs, URL filtering logs, or data filtering logs explaining the basis for its classification as a threat
The first three logs indicate that the traffic is passing without the security profiles
Why MS-update is identified as a threat??
with regards,
Akash Thangavel
Network Security Engineer
11-29-2023 01:10 AM
Hello @AkashThangavel
To understand why certain ms-update traffic matches the criteria, you should examine the threat logs or URL filtering logs. Additionally, there is a known software issue (PAN-230250) that may cause this behavior. Please check if your case aligns with this issue.
You can find it in the PAN-OS 11.0.2 release notes, specifically under the "Known and Addressed Issues" section:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
