About Felixcao

I've had a computer recently that got flagged in the firewall with this virus. The virus name is :Win32.WGeneric.atarqw。 ,however when scanning the computer I can't find the virus. Virustotal also doesn't have anything on this virus when I search. Is this a false positive? Anyone else experience this in the firewall? i check it on threat vault on  pa threat db signature：Name: Virus/Win32.WGeneric.atarqw Unique Threat ID: 385182123 Create Time: 2020-11-11 01:44:29 (UTC) Hashes：d975571377349ae8b6184fe5c4fcfb908b9f9e0ceac8ccfce12b7678feaf54cd ... View more

 the customer want to test  pa wilfire  feature . my test step: 1: from http://wildfire.paloaltonetworks.com/publicapi/test/apk, download the sample malware.the traffice throught the pa 2: when we can find the  wildire log from firewall  and theck the log report ,know the  malware files sha256 ------------------------------------------------ log: 33, filename: wildfire-test-apk-file.apk processed 120151 seconds ago, action: upload success vsys_id: 1, session_id: 47055, transaction_id: 5 file_len: 1434514, flag: 0x801c, file type: apk threat id: 52108, user_id: 0, app_id: 109 from 192.168.5.31/50643 to 34.84.44.247/80 SHA256: 2751671b591b6969b09f8c032cd89e6ae83a5f3ec819c8b923c673a6286cbec3 ------------------------------------------------------------------------------------------------------------ 3:then wait 48 hours,we go to  threat db lookup the  sha256 value,but we don't find the sha256. so I think that  PA will not update malware signature to antiivirus  from sample malware files(http://wildfire.paloaltonetworks.com/publicapi/test/apk).is true  ?   ... View more

the customer find the panorama could not push new config file to firewall, check the disk space,find the opt/pancfg space avail is 0. so they reference aritcal kb,clear some file in the opt/pancfg. include ： GUI: Panorama > Software => Delete the old software which is unused by using the "x" button on the last column GUI: Panorama > Dynamic Updates => Similar procedure. Delete the old, unused "antivirus", "app and threats" and "wildfire" images. GUI: Panorama > Device Deployment > Software => Delete the old images. GUI: Panorama > Device Deployment > Dynamic Updates => Delete the old and unused antivirus and other images. the opt/pancfg used from 100% reduced 89%。 but the custoer want to reduced more，so ayn body have new other suggest， or how to check xml api request queries the system but not getting log out ？ kb：https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008V5bCAE&lang=en_US%E2%80%A9 ... View more

  the customer  have an M-100 do RMA Now they need to replace the hard disk with the new M-100. I refer to this article How to migrate logs from M-100 to another M-100 in mixed mode by moving the logging disks. nine thousand three hundred and seven Created On 09/27/19 23:00 PM - Last Updated 05/19/20 20:46 PM  I have some questions. Question 1: I don't know about Step 9 9.Transfer meta-data from Old-M-100 to New-M-100: At this step, Please call into support to have an engineer assist to transfer the Meta-data. Once Metadata transfer is completed successfully continue with Step 10.   why need engineer assist to transfer the meta-data。 Can't I just unplug the hard disk from the old device and plug it into the new device?   Question 2: I don't know if raid has been done on old m-100. If not, raid has not been done   Onyxx@New-M-100> request system raid add A1 force no-format 'no-format' will be ignored for the second drive in the RAID Disk Pair. Do you want to continue? (y or n) y Operation may take few minutes. Check 'show system raid detail' for status Onyxx@New-M-100> request system raid add A2 force no-format 'no-format' will be ignored for the second drive in the RAID Disk Pair. Do you want to continue? (y or n) y Operation may take few minutes. Check 'show system raid detail' for status Does this affect the data in the hard disk ... View more

I use two PA820s for ipsec vpn and  used certificate-Based Authentication for IKE The 820-A version is 8.1.6 and the 820-B version is 9.1.4. 820-A configuration ike gateway no problem。 820-B will report an error when configuring ike gateway ， authentication cannot have more than one subconfiguration, I attach a screenshot for reference. Do anybody  have any suggestions to solve this problem? ... View more