DNS Security and Untrust to Untrust Alerts

We are currently doing a trial of the DNS Security license on our firewalls.  After enabling I am seeing a decent amount of alerts coming into XDR for DNS Tunneling. However when looking at the alerts they are all coming in from the Intrazone Untrust

Wininfo.exe alerts - Received alert from Traps regarding malware detection of maximum system

received alert from Traps regarding malware detection of the maximum system due to file “Wininfo.exe”.

Please find a snapshot of one system and suggest how to fix this. Is there any impact?

CORTEXXDR

WildFire Malware

High

Source:XDR Agent

Category:Malwa

vulnerability and spyware showing in monitor need to check its blocked from PA or not and need more clarity on same

vulnerability and spyware showing in monitor need to check its blocked from PA or not and need more clarity on same

File wininfo.exe cassified as malicious(verdict changed today), yet appears to be a legitimate Lenovo service

We had a ton of alerts in XDR generate on this file hash
3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c

Which is related to the above fie but everywhere we look it looks like an authentic Lenovo service related to BIOS updates.

Does an

virus/Win32.WGeneric.atarqw

I've had a computer recently that got flagged in the firewall with this virus. The virus name is :Win32.WGeneric.atarqw。
,however when scanning the computer
I can't find the virus. Virustotal also doesn't have anything on this virus when I search.
Is th

Threat ID 58644 false positives

For the past couple weeks we have seen apparent false alerts for Threat ID 58644. The Threat Vault references that this ID is for detection of a PHP shell injection vulnerability in RiteCMS, CVE-202-23934, which was first released 7/28/2020 and last

Container scanning(Basic question)

Hi,

           Ours is a digital bank. We are in the process of picking a tool to scan the docker images in the AWS code pipeline. While we were scanning using the default ECR scan process we noticed CVE-2021-33574, CVE-2019-25013, CVE-2021-3520. Thes

我想了解防火墙新版本的功能，确定是否对我们有用，再决定升级，可以在哪了解

我想了解防火墙新版本的功能，确定是否对我们有用，再决定升级，可以在哪了解

SharpCompress.dll \ Virus/Win32.WGeneric.bgvbho

Hello everyone,

I've had a computer recently that got flagged in the firewall with this virus. The file name is SharpCompress.dll, however when scanning the computer I can't find the file. Virustotal also doesn't have anything on this virus or SharpCo

Threat logs source zone as Outside and Destination zone as Outside in firewall

Threat logs source zone as Outside and Destination zone as Outside in firewall

How to block .vbox files for protect ransomware?

The ransomware is update again.

Now include virus in windows 7 virtual machine and attack host via share folder to host.

Palo alto NGFW not have .vbox file type (have vmdk only).

How to custom .vbox file type blocking or please update .vbox file type fo