To block unauthenticated inbounds connections by default.

Hello  everyone,

I am a newbie here. Perhaps anyone here can tell me how to set my PA-28 firewall to block unauthenticated inbounds connections by default. Thanks 

Exact threat details

  Hi,

  Is there a way to know what a specific threat ID checks for? We enabled SSL inspection for SMTP traffic and Palo started to flag every e-mail with threat ID 56951 (non-RFC compliant SMTP traffic), but ThreatDB does not provide anything useful

DNS Traffic slow/time out after applying Anti Spyware

Hi everyone,

We are using PAN OS 9.1.5.

Our internal hosts and DNS server are in different PA Zones.

We have a policy to allow all hosts to access DNS servers with application "dns".

We used strict anti spyware profile on the above mentioned security pol

Nat/Firewall Bypass Attack how palo alto protect from

A new research has demonstrated a technique that allow an attacker to bypass firewall protection and remotely access any TCP/UDP service on victim machine.

https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html

Some Malicious Hash File Value not detected by Palo Alto Engine

Hi Team,

We have received some list of Malicious HASH files and asked us to take the necessary action. But while checking we didn't see the below listed Hash is not covered in Threat Vault.

I want to know why the below mentioned Hash value is not det

VideoLAN - Virus/Win32.WGeneric.ashtnf

I am noticing that when either trying to download the latest VideoLAN player from their site, or updating via their application, the PAN is detecting the EXE as Virus/Win32.WGeneric.ashtnf. Is anyone else seeing this behavior?

Thanks

Teardrop Packet Buffer Overflow - SCCM TFTP

Hello,

On our PA-5220 we hade 3 instances when our Packet Buffer Protection has been crippled by traffic from an SCCM server to a host.
Protocol TFTP UDP,  when VM's gone threw PXE boot and on file transfers from SCCM.

Symptoms are that latency goes upp

Severity High and medium action are getting allow instead of block

Hi All,

After upgrade to 9.1.5, i noticed the Severity level high and medium threat actions are allowed and some of them are getting sinkhole. Please let us know if anyone knows why it's getting alert instead of the block in high severity. Attached sc

RE: Egregor Ransomware attack on Palo Alto

Dear Team,

PAN OS Version: 8.1.12

PAN MODEL:  PA-3020

If Palo Alto have a valid signature of this Egregor Ransomware attack ? 

Also please check whether Palo Alto has any FAQ related to Egregor Ransomware.

Signature
ReleasePost-7.1
Domain Name
Type

Name: g

reverse TCP shells and other potential backdoor connections

Hi Team,

Just one of our customer received an security query points where they wanted the firewall to block reverse TCP shells and other potential backdoor connections.

For backdoor i have went through the backdoor signatures in threat vault.

So we ha

Want to report False Positive - HT Work Focus

Hi Team,

I want to report a false positive detection on VirusTotal for our product - HT Work Focus, its executable file - wmime.exe

We make parental controls and productivity management software for more than 10 years and have thousands of customers.

Palo Alto Networks Security Advisory - PAN-SA-2018-0003

Hello,

Does anyone know if this is only for authenticated users to the management inteface or if an unauthenticated attacker could possible exploit this?

Thanks in advance!

ProxyGate.net

Tips appreciated on how to identity and potentially block proxygate.net clients on a campus network.  Proxygate is not necessarily a benign tool. Bad actors can look for proxygate clients embedded on networks and use them to get a foothold on the net

Request to add to PA curated IP lists?

Is there a way to request IPs are added to curated IP lists?  Or is there a preferred dynamic list of IP abusers that you use with your PA?  

Thanks very much for your assistance.  Please forgive me, I am new to Palo Alto.