Block High Risk TLDs

Hi All,

I want to start blocking 'high risk' top level domains within PAN-OS. Has anyone else done this successfully? 

I presume the following should work based on PAN-OS RegEX:

URL Category:

*.eg/

*.ex/

etc....

Set URL Category to 'Block' within exist

Threat Log False Positives

Hi,

In short - I'm looking to a way to identify false positives.

My organisation's anti virus profiles within our Palo NGFWs are detecting multiple generic threats of a 'medium' level and blocking them. I'm trying to determine whether any of these ar

Minemeld & Log4j

Hello

Is Minemeld affected by Log4j?

I see Palo's Security Advisories about Log4j (https://security.paloaltonetworks.com/CVE-2021-44228) - but there is no Minemeld in it. 

Is anybody out there, who can answer this?

thanks

roger

Pros & Cons to Blocking Java Files, and Which Ones to Block

Hey guys,

I've inherited a ruleset that is blocking Java CLASS file downloads, but not Java JAR files. I am not a Java developer and have very limited knowledge of the particulars relating to these files as potential threat vectors. But I have seen n

Log4j vulnerability

Hi Team,

How to fix mitigate  Log4j vulnerability in Palo Alto Firewall.

Kindly share how can we check whether our product infected and how to overcome from this vulnerability.

Thanks.

Host Sweep

Our Zone Protection | Hoist Sweep configuration was blocking Internet connections on some local hosts due to enabled "News and Interests" Windows 10 Toolbar.  I hope this helps with troubleshooting.

Adobe-Creative Cloud WildFire Virus alerts.

Hi,

Since this morning June 17/2020 I have been getting Virus alerts in the Threat log. It has pointed out that ProxyResolverWin7.dll is the culprit.

I went to a few machines and searched for ProxyResolverWin7.dll and uploaded it to VirusTotal. All c

Apache Log4j Vulnerability -- Wildfire vrs update to Application and Threat content update 8502

maybe question i should ask myself after cup of morning coffee.

Hope you can help...

I see recommendation for Next Gen firewall: (Application and Threat content update 8502)

Next-Generation Firewalls or Prisma Access with a Threat Prevention security su

URL Blocking not working

Hello

Can anyone explain why this doesn't work?

I added misoft5.s3.us-east-2.amazonaws.com and misoft5.s3.us-east-2.amazonaws.com/* to my blocked URL list.

If I type in misoft5.s3.us-east-2.amazonaws.com in a browser I get the BLOCKED page. All is well.

id threat 91991

Hola a todos, ¿pueden ayudarme a filtrar en el ID de registro de amenazas 91991 en el firewall, cuál es el nombre que debo poner en el filtro?
Aprecio tu ayuda

Status of a given threat signature?

I'm running a 9.1 firewall with threat protection and wildfire. How do i check that a specific threat signature is turned on and blocking?