09-11-2023 02:22 AM
Good Morning,
Has anyone had WildFire-Virus threat events with the following threat ID: 602574714?
Signature | Release | Hashes
---|---|---
Name: Virus/Win32.WGeneric.ebefcf; Unique Threat ID: 602574714; Create Time: 2023-08-31 10:08:10 (UTC) | Threat ID: n/a; Current Release: n/a; First Release: n/a | 21219d0038484fdd61b220f7d30b774b6216426f80fc8b2855032c5984410b65

Signature | Release | Hashes
---|---|---
Name: Virus/Win32.WGeneric.ebefcf; Unique Threat ID: 602574714; Create Time: 2023-08-31 10:08:10 (UTC) | Threat ID: n/a; Current Release: n/a; First Release: 799306 (2023-08-31 UTC) | 21219d0038484fdd61b220f7d30b774b6216426f80fc8b2855032c5984410b65
For a few days we have been seeing a large number of alerts about threats detected by wildfire-virus, related to traffic detected as the ms-update application or web-browsing, with default action reset-both. Downloaded files are JavaScript files: syntax taskpane_xxxxxxxxxxxxxxx.js or index_xxxxxxxxxxxxxxxxxxxxxxx.js.
The public IP addresses they connect to are mainly akamaitechnologies.com or others, but after checking them on VirusTotal or Cisco Talos they do not show any threats.
Has anyone observed similar events on the Palo Alto Firewall?
Best Regards
09-12-2023 04:05 AM
It was a False Positive. The signature (TID: 602574714) was already disabled.
10-04-2023 12:54 PM
Looks like in our version of Panorama there is a bug that keeps old detections in the cache. We have resolved this.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/pan-os-10-2-3-known-and-addressed...