About hshah

Hi Darren, I am not sure if this idea would work, but worth trying. connect faulty HDD to linux box, now SCP its log to SCP server. Now, re-SCP it to newer HDD partition. For this you might need TAC help, as you do not have root access. Regards, Hardik Shah ... View more

Hello Vcom, Based on provided information There might be an assymetric routing issue, or issue on source or destination. Its not possible to come to conclusion on provided information. To be more precise please provide enlarge snapshot of traffic log. Regards, Hardik Shah ... View more

If you do not find spyware in following link, think open a TAC Ticket to locate spyware. It happens, because PAN may use different convention then other anti-virus. https://threatvault.paloaltonetworks.com/ Regards, Hardik Shah ... View more

Hello Komurel, You can find spyware from name/threat id from bellow link. As a result you will see severity level, default action etc. https://threatvault.paloaltonetworks.com/ Let me know if you need additional information. Regards, Hardik Shah ... View more

Hello COS, Please find WHOIS for new 3 IP addresses, they all belongs to Microsoft. http://www.whois.com/whois/64.4.11.25 http://www.whois.com/whois/134.170.189.4 http://www.whois.com/whois/64.4.11.25 Moreover, virustotal result based on IP address doesnt prove any thing. Nobody can confirm if connections were malicious. In virus total results also most of the anti-virus are not detecting it as a virus. Regards, Hardik Shah ... View more

Hello COS, 5 Microsoft services are hosted on IP address in question. These services are used for activation and update stuff. Refer Bellow mentioned link. https://www.robtex.com/dns/co2.sls.microsoft.com.html Traffic log says application is "ms-product-activation". Hence I believe some of the applications are trying to activate itself. Collect source IP addresses and provide it to system team to find out root cause of simultaneous activation logs. Bottom line is its not a threat, its genuine traffic. Even SIEM says Excessive session, not malicious session. Its just an alert to administrator, so he can varify if destination is malicious[torrent/bot/etc]. Regards, Hardik Shah ... View more

Hi COS, 65.52.98.231 is IP address of co2.sls.microsoft.com, hence it has to be genuine, give me some more time for further research. Regards, Hardik Shah ... View more

Hi Darren, IF HDD is corrupt, then how did you login to firewall now ?  Based on answer solution will vary. Regards, Hardik Shah ... View more

You may want to approach PAN TAC, see if they can move data from root via SCP. ... View more

If certificate is not "self signed root CA" or "Subordinate Root CA" than it can not generate new certificate. thats why non-Root CA cert doesnt work in decryption. ... View more

Hello Zournana, Support will map CPUID/UUUID with License/Authcode, once that is done, you should be able to get serial number via manual License key. This is a Security protection, so no one can use PAN box without licenses.  I will not be able to help you with CPUID/UUID map unless you open a ticket. Its a support issue. Regards, Hardik Shah ... View more

Hi Zuhana, Please refer PPT attachment, it has graphical information for VM Licensing. Let me know if you still have additional queries. Regards, Hardik Shah ... View more

I found a link for Mirgration Tool 2.1 - Release, but its broken, I would suggest to contact SE to get proper information. Another closest link is. MT20-Checkpoint Source files Formats Supported in 2.1.1 https://support.paloaltonetworks.com/getFile.php?file=MigrationTool21Minimal.zip ... View more

Hello Gururaj, closed document I found is Migration Tool 2.0 - Released, I am doing more research I will get back to you. Regards, Hardik Shah ... View more