AGCInvokerUtility.exe - PA picking it up as Virus

Hi Everyone,

Our Palo Alto Anti-Virus Profile is picking up AGCInvokerUtility.exe as Virus/Win32.Wgeneric.Eedlvy(624280308). I did a quick search on Threat Vault and found the associated hash: b807502f1a0804543488c5b85a386452d6f9848bf611db01728f3d8

Cortex XDR - Coyote Trojan

Hi,

Does anyone know that Cortex XDR can detect and prevent Coyote Trojan as described by Kaspersky? https://securelist.com/coyote-multi-stage-banking-trojan/111846/

Appreciate any feedback. Thank you.

Web Application Potentially Sensitive CGI Parameter Detection

Need to check any advisory released by Palo Alto on the above mentioned Vulnerability and make sure that it does not leak any confidential information, or sensitive data will not be disclosed.

Description:

According to their names, some CGI paramet

Suspicious Remote domain account enumeration : XDR

Hello All,
We have received an alert from our XDR Platform regarding Suspicious Remote domain account enumeration : XDR , where we see the Src IP belong to Internal and the process involved is "lsass.exe" and Src Host Name being the one which is not a

Can I use a single license for Url Filtering in HA mode for palo's

Hi guys & Gals,

Thanks in advance for looking at my query.

You probably did it. or is paying for both licenses. 

The Ask is can I use a single license for URL filtering or Advance in a HA setup between two Palo's

if not; then Why Not.

SSH Brute Force

Client connects to FTP server via SSH and starts downloading. After a while, connection stops. I see in the logs that there a multiple SSH login attempts and finally SSH Brute Force with reset-both action. 

What would be the reason?

CVE-2023-50164 Apache Struts Vulnerability

Hi I would like to enquire if any Palo Alto products are affected by the above vulnerability. 

Thanks. 

Suspicious User-Agent Strings

Hi All,

I have noticed a log from our Palo Alto vulnerability report that looks suspicious yet I am unaware of it.

There is a threat "Suspicious User-Agent Strings" detected under the "spyware" category and "HTTP-proxy" application from Globalprote

Text injection issue on firewall

Dear Team ,

We have a customer he is facing issue with , Text injection is enabled on firewall portal web application.

We noticed a problem with the Palo Alto web portal is getting affected by text injection during the security audit. We must mitig

Binary file execution error while installating Cortex XDR in amazon linux

Using below user data script in aws ec2 instance i tried to install cortex xdr agent. During this process when i look into the system log i had found an error ./setup.sh: line 731: /opt/traps/bin/cytool: cannot execute binary file. Please let me know

Student extensive use of VPNs.

Hello Livecommunity. We are in a bind. We have numerous students on our school networks that are bypassing security profile rules with VPNs. So frustrating. I do have rulesets that look for annnomizers and proxies. I also have explicit rules that loo