This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About dparris

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dparris
‎08-14-2024
since ‎10-17-2017
L5 Sessionator
User Activity
User Profile
Latest posts by dparris
View All
User Badges
Community Statistics
Member Since ‎10-17-2017 02:47 PM
Date Last Visited ‎08-14-2024 02:01 PM
Posts 256
Total Likes Received 67

Re: False positive report

by in VirusTotal
‎04-26-2019 05:31 AM
‎04-26-2019 05:31 AM
This file is no longer listed as Malicious ... View more

Re: Custom Signature to detect a PDF file

by in Custom Signatures
‎04-25-2019 07:00 AM
1 Kudo
‎04-25-2019 07:00 AM
1 Kudo
Hello Bart,    Your research is correct. We do not create signatures for specific hash values because it is both inefficient, and easily bypassed with a minimal change to the original file.   The performance impact is difficult to determine in a hypothetical situation due to the limitless environmental variables. The short answer though is yes, there will be an impact to utilizing large numbers of custom signatures. If you intend to block a large number of files using customer signatures, instead of using hashes, we suggest you identify a unique character string in the file and utilize if after thorough testing, as this improves your changes of catching multiple variants of the same malware. ... View more

Re: False positive report

by in VirusTotal
‎04-16-2019 12:49 PM
‎04-16-2019 12:49 PM
We are unable to whitelist this file at this time.  hash 77f6699f29fada671828d75749c36ee5c98918a1dacab989be6613663702259f ... View more

Re: False positive report

by in VirusTotal
‎04-12-2019 11:45 AM
‎04-12-2019 11:45 AM
  I will put it in for manual review.  ... View more

Re: False Positive Submission (generic.ml)

by in VirusTotal
‎04-12-2019 10:11 AM
‎04-12-2019 10:11 AM
These files are no longer listed as malicious by Palo Alto. ... View more

Re: FALSE POSITIVES

by in VirusTotal
‎04-12-2019 06:48 AM
1 Kudo
‎04-12-2019 06:48 AM
1 Kudo
All files are listed as benign in Palo Alto systems.  ... View more

Re: False Positive Submission (generic.ml)

by in VirusTotal
‎04-12-2019 06:45 AM
‎04-12-2019 06:45 AM
I have submitted all three files for maual review. ... View more

Re: False Positive Review WGeneric.zrpzh(260820759)

by in VirusTotal
‎04-12-2019 06:38 AM
‎04-12-2019 06:38 AM
If you are a Plao Alto customer please open a ticket with support to have this reviewed. ... View more

Re: False positive request: Virus/Win32.WGeneric.zlbje

by in VirusTotal
‎04-12-2019 06:36 AM
‎04-12-2019 06:36 AM
This file is not listed as malicious by Palo Alto.  ... View more

Re: False positive report

by in VirusTotal
‎04-12-2019 06:34 AM
‎04-12-2019 06:34 AM
I have sumitted the hash 77f6699f29fada671828d75749c36ee5c98918a1dacab989be6613663702259f for manual review even though it has 10 other hits on Virus total.     Manual review will determine Palo Alto's stance on this file.  ... View more

Re: Whitelisting request: Outbyte PCRepair

by in VirusTotal
‎04-12-2019 06:27 AM
‎04-12-2019 06:27 AM
File is not listed as malicious by Palo Alto on Virus total or internaly.  ... View more

Custom Signature to detect a PDF file

by in Custom Signatures
‎03-06-2019 06:13 AM
3 Kudos
‎03-06-2019 06:13 AM
3 Kudos
DISCLAIMER:   As with all custom signatures on this forum, this signature is being provided by the author as a result of enthusiasm for the product and to share ideas with the Palo Alto Networks security community.       It is:   - Not recommended for deployment in a production network of any kind without internal testing. - Not a solution to any vulnerability. - Not an official supported Palo Alto Networks signature    This write up is to help the Palo Alto Networks community with detecting a specific PDF file.    The sample signature was created on PAN OS Version 8.1.x :    SHA256: cbdf842fba661b85090e7e31fe9ed6b069a01fd82d5bd563a462185b53ab38e3   Go to custom signatures under objects, select custom vulnerability signature. Click add Fill out the appropriate field under the configuration tab     Open the Signature Tab Select add at the bottom left   Since we only have one condition it doesn’t matter if we choose the ‘and’/’or’ condition     To determine a unique string the *NIX utility xxd was used in this case, however any hex editor will work for this purpose.  The string was then converted to hex and used in a pattern match to detect the file. In this case the author of the file put what we believe to be their name in the file and that was used as a unique identifier.    5220 3120 2038 2030 5d52 432f 6e6f 6574 Once this custom signature is applied and a web browser is used to attempt to download the file the firewall will either block or alert on detection depending on the action you set.   **Warning** any custom signature should be fully tested to see if it works correctly, and for false positives. ... View more

Re: False Positive Submission (generic.ml)

by in VirusTotal
‎03-01-2019 07:42 AM
‎03-01-2019 07:42 AM
This file is no longer listed as malicious. ... View more

Re: False Positive Submission (generic.ml)

by in VirusTotal
‎03-01-2019 07:40 AM
‎03-01-2019 07:40 AM
The file is no longer listed as malicious ... View more

Re: False Positive Submission (generic.ml)

by in VirusTotal
‎02-22-2019 05:23 AM
‎02-22-2019 05:23 AM
Your file has been submitted for review ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎08-14-2024 02:01 PM
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks