About hisingh

Hello,    I heard back from our malware team. They have removed the verdict as malware, however, decided to mark as "grayware sample"   Best Himani ... View more

Hello,   I heard back from our malware team, we have decided to keep this as malware based on their analysis.   Best Regards, Himani ... View more

Hello,  I heard back from the backend team, the verdict is changed to benign. It will take about 24-48 hours till the AV database updates.    Best Himani ... View more

Hello   I have requested for a recheck, I will update you as soon as I hear more.   Best   ... View more

Hello,  I have submitted the hash. This sha256check is different than the file (wLTSx6ZWW93mSKC) you posted earlier using the link    I will update you once I hear more   Thanks   ... View more

Hello,   I have submitted the re-check request based on the hash. We could not download the file because the file was not zipped by a password, and will be blocked by the firewalls.   Best Himani ... View more

Hello.  Please check now.  On Virustotal. I do not see Paloalto Networks identify this file as malicious. In fact, this seems to be undetected.  https://www.virustotal.com/gui/file-analysis/NzI4NzU2YmRmOTg4OTk1ODhkZDAwMjhlMDViMGE2MWI6MTU4MzE3NDU5MA==/detection   Please let me know if you see otherwise.   Best Himani ... View more

Hello.   I have checked the file wLTSx6ZWW93mSKC   in my lab, and no signature was generated. Can you please add the name of threat or threat ID   Best Himani ... View more

Hello,    DNS proxy will not conflict with our web proxies. A Palo Alto Networks firewall intermediate to clients and servers can act as a DNS proxy to resolve domain name queries. Basically, the firewall can resolve corporate domains based on a corporate DNS server hostname-to-IP-address mappings, and resolve other domains using a public or ISP DNS server. That way the if the final domain's IP is been different due to load-balanced, Firewall has the correct information and it will not trigger the "Suspicious TLS Evasion Suggestion"   Best Himani ... View more

Hello    I have submitted this hash for re-analysis. I will update you once I hear more from our team.   Best Himani  ... View more

Hello Fidele,   I understand that you want to access 'shodan.io' and it was blocked as a hacking site. There are a couple of ways. (a) you can override your URL filtering object and allow hacking sites. (b) Depending on the PAN-OS, you can add one site in exception as a white list (c) you can create a custom URL object and allow it. (d) If you only want to allow for one user, you can create a policy based on the user, and URL  some useful documents. https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/url-filtering/url-filtering-concepts/url-category-exception-lists.html https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/block-and-allow-lists https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltmCAC   Thanks Himani   ... View more

Hello Hattracker,   1. Please check your zone protection setting, what is the threshold is set for it? 2. Have you applied for the zone protection on the internal/ trust interface?  3, Please scan one of the clients with host-based IPS and AV, see if any ports are open.    Thanks  Himani  ... View more