About hisingh

hisingh · ‎02-22-2021

Hello How about using the URL custom blocklist? You can create a custom URL list with URL "https://www.mysite.com/mng/login" and set up as blocked. Best Himani

hisingh · ‎02-21-2021

Hello In 8.1, 9.x series; the Pattern will not be accepted if it is less than 7. We need some more data like any other common characters in the string to match. Here is the document that explained how the customer signatures are created: https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000U0ruAAC&field=Attachment_1__Body__s Best Himani

hisingh · ‎02-16-2021

Hello @Sahil_Arora This signature is been disabled. Thanks

hisingh · ‎01-22-2021

Hello @bit_byte Please see above in this thread for the detailed answer. You will see FW management port sending such query because one of the following reason: 1. FQDN Address Objects: When IoC domains are configured to use in the Destination Address in Security Policies. 2. IP addresses in pre-defined threat report where reporting engine picking up blocked websites or blocked domains to populate IP addresses. In the above two cases firewall to attempt DNS resolution on the FQDN Address Object, and populate an IP Address for Security Policy match. If you want to make a black-list, please use spyware profile or EDLs. The custom Domain EDLs can have a list of your custom domains. 3. DNS security is enabled. 4. DNS proxy is enabled Best Himani

hisingh · ‎01-13-2021

Hello The verdict has changed to benign. Best Himani

hisingh · ‎01-13-2021

Hello This is under review Best Himani

hisingh · ‎01-13-2021

Hello This is under review Best Himani

hisingh · ‎01-11-2021

Hello @Claudio This file is submitted for review Best

hisingh · ‎01-05-2021

Hello @jstrubberg In case you have created an address object( FQDN) on PAN and intended to use it as blacklist, in that case the PAN management interface will try to resolve it and you will see in logs. I hope this helps. respectfully Himani

hisingh · ‎10-13-2020

Hello, This is marked as benign, Best Himani

hisingh · ‎10-13-2020

Hello This sample is marked as grayware pup Thanks Himani

hisingh · ‎10-13-2020

Hello I have re-submitted the hash for re-analysis. Best Himani

hisingh · ‎10-13-2020

Hello @poloso I have submitted the hash for re-analysis Best Himani

hisingh · ‎09-29-2020

Any time, it is my pleasure Himani

hisingh · ‎09-27-2020

Hello @ijmilton We got the result back, this sample is marked as grayware. Its an open-source tool used for custom ROM for android. Best Himani

Date Registered	‎07-11-2018 04:42 AM
Date Last Visited	Wednesday
Total Messages Posted	144
Total Likes Received	44

Online Status	Offline
Date Last Visited	Wednesday

About hisingh

Re: Pattern regex less then 7 bytes

Re: Pattern regex less then 7 bytes

Re: Virus/Win32.WGeneric.aeulpb (297499053)

Re: Firewall requests to suspect dns domain names

Re: False positive submission

Re: Firewall requests to suspect dns domain names

Re: Virus/Win32.WGeneric.aeulpb (297499053)

Re: Firewall requests to suspect dns domain names

Re: False positive submission

Re: False Positive

Re: Pattern regex less then 7 bytes

Re: False positive

Quick Tour of MineMeld Default Config

Re: Please check and remove false positive

Re: False positive: Generic.ml

Re: Pattern regex less then 7 bytes

Re: Pattern regex less then 7 bytes

Re: Virus/Win32.WGeneric.aeulpb (297499053)

Re: Firewall requests to suspect dns domain names

Re: False positive submission

Re: VirustTotal False positive (Generic.ml)

Re: False positive

Re: False positive submission

Re: Firewall requests to suspect dns domain names

Re: False positive: Generic.ml

Re: False Positive (Generic.ml): ReimagePackage1956x64.exe

Re: False Positive (Generic.ml): ReimagePackage1956x64.exe

Re: False positive: Generic.ml

Re: Please check and remove false positive

Re: False Positive

Network Security

Cloud Security

Security Operations

About hisingh