Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability Discussion Board

Welcome to the Threat and Vulnerability Forum

The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb

...

Host sweep alert from an iPad

We have an iPad that is triggering our scan block policy as a host sweep. The iPad is attempting to connect to one external (Internet) IP over port 443. It's happened for the past few days to a different external IP each time.

Threat vault info.

Name:

...

Virus/Win32.WGeneric.ajtozf / ms-ds-smbv3

We have been seeing alot of detections for smbv3 for file detections varying from pdf to any office document. Wildfire has been picking up the traffic, marking it as Threat and either resetting it or alerting on in. This monthly only we have had abou

...

Syslog to exclude BYOD subnets from logging

Hi all , We do have a few questions on Logging.

1. Can we exclude the BYOD subnet from alerting as they flooding us with irrelevant logs. (both URL and Threat monitoring)

2. Can we exclude some category in URL from sending syslog messages. Example he

...

Resolved! Microsoft.csharp.dll Virus/Win32.WGeneric.bcycrm - False positive - runtime silverlight Signed by Microsoft

Hi,

It's seems that this file signature should be disabled as it is an official and signed binary from Microsoft of the Silverlight Runtime

File Hash: fe1f3cde0bacb77a297360b5e022087456b8bf5b

Link to Virustotal report for the file: https://www.virusto

...

ssl forward decryption not work with URL category (proxy-avoidance-and-anonymizers )PAN 10.0.5

I upgrade from Pan os 9.1 to 10.0.5 and i foud some issue in any proxy website with URL category (proxy-avoidance-and-anonymizers ) like https://www.proxysite.com/ it bypass any blocked traffic even with ssl decryption policy ,however other catego

...

Resolved! Non-RFC Compliant Telnet Traffic on Port 23

Can someone explain about the threat name/vulnerability Non-RFC compliant Telnet traffic on Port 23?

pa3220 POS 9.1.5

howdy,

The short question is a block country rule on 1/8 the thing to do?

or a white list of ip? and apps?

Thank you

Mike

Resolved! block adult content in twitter or through google translator ?

hi all ,

can i block adult content in twitter and google translator without closing the sites ?

Resolved! Protections against CVE 2020-15999?

Does anyone know how/if there are protections out there to mitigate the latest 0 day threat for Chrome? CVE 2020-15999? Thanks in advance.

2960X - WAN and DMZ on same switch separated by vlans?

the title says it pretty much. Trying to consolidate a 24 port switch that only uses 3 ports with another 24 port that is only using 2 ports.

How safe/comfortable would you be if you used the same switch for DMZ and WAN traffic, but separate them b

...

Resolved! Automatic IP block-list PAN 8.0

Hello all,

I am wondering if there is any way to let's say block the IP address from a source for a set period of time. An example of this could be, we are being attack, same IP address hitting our firewall a 100 times in 3 minutes, It is being repo

...

DNS Tunneling

Im trrying to detect dns tunneling with custom signatures.

i have some snort rules to begin.

some of you have any strategies for this?

Resolved! custom snort signature add the pattern if the context operator is not found

creating a custom snort signature on Palo alto Firewall but didn’t found the concern context operator for match pattern.

Shall we create a context operator or how it can add the pattern if the context operator is not available?

For example:

alert tcp $

...

Virus/Win32.WGeneric.aeulpb (297499053)

Hi Community,

We are seeing this signature in our environment for ms-ds-smbv3 application. PAN is marking the internal traffic as 'virus' before resetting it on both ends.

Any suggestions what would be the investigation process for it. What are we lo

...

Microsoft Directory Services/ms-ds-smbv3 - /Virus/Win32.WGeneric.badouv

Hello,

We are seeing so many alerts in the threat logs that are linked to:

Virus/Win32.WGeneric.badouv

Name: Virus/Win32.WGeneric.badouv

Unique Threat ID: 398700357

Create Time: 2021-02-03 13:41:24 (UTC)

Threat ID: 1103259

Current Release: 3615 (2021-02-03

...

Discussions

Welcome to the Threat and Vulnerability Discussion Board

Host sweep alert from an iPad

Virus/Win32.WGeneric.ajtozf / ms-ds-smbv3

Syslog to exclude BYOD subnets from logging

Resolved! Microsoft.csharp.dll Virus/Win32.WGeneric.bcycrm - False positive - runtime silverlight Signed by Microsoft

ssl forward decryption not work with URL category (proxy-avoidance-and-anonymizers )PAN 10.0.5

Resolved! Non-RFC Compliant Telnet Traffic on Port 23

pa3220 POS 9.1.5

Resolved! block adult content in twitter or through google translator ?

Resolved! Protections against CVE 2020-15999?

2960X - WAN and DMZ on same switch separated by vlans?

Resolved! Automatic IP block-list PAN 8.0

DNS Tunneling

Resolved! custom snort signature add the pattern if the context operator is not found

Virus/Win32.WGeneric.aeulpb (297499053)

Microsoft Directory Services/ms-ds-smbv3 - /Virus/Win32.WGeneric.badouv

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Wildfire False Positive for THREAT-ID 614284446

Alert on domain fronting attempt

Threat ID: 640412733 - Virus/Win32.WGeneric.efuusy -> is this also a False Positive?

Re: Cannot update Adobe Creative Cloud

Re: Blocking external IP addresses and blacklists

Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld

Unlock your full community experience!

Resolved! Microsoft.csharp.dll Virus/Win32.WGeneric.bcycrm - False positive - runtime silverlight Signed by Microsoft

Resolved! Non-RFC Compliant Telnet Traffic on Port 23

Resolved! block adult content in twitter or through google translator ?

Resolved! Protections against CVE 2020-15999?

Resolved! Automatic IP block-list PAN 8.0

Resolved! custom snort signature add the pattern if the context operator is not found