This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About ShaneMcG
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About ShaneMcG
01-23-2023
1Post
0Likes
0Solutions
Jan 23, 2023Last Visited
User
Activity
User
Profile
Latest posts by ShaneMcG
| Subject | Views | Posted |
|---|---|---|
| 2326 | 10-13-2021 10:57 PM |
User Badges
Community Statistics
| Member Since | 09-16-2020 04:38 PM |
| Date Last Visited | 01-23-2023 10:24 PM |
| Posts | 1 |
10-13-2021
10:57 PM
Hi, In short - I'm looking to a way to identify false positives. My organisation's anti virus profiles within our Palo NGFWs are detecting multiple generic threats of a 'medium' level and blocking them. I'm trying to determine whether any of these are false positives, and if they should remain blocked. The threat names all follow the same format: Virus/Win32.WGeneric.######, with the last 6 digits varying for each threat. When I check the threat vault, there is no further information provided as to the nature of the threat, other than a list of hashes associated with it. I've entered these hashes into VirusTotal.com and also AlienVault to see if any record of these as a malicious activity exists, but I've been unable to find any matches for the 30 or so hashes I've checked so far. Does anyone know what these hashes actually are? Are they the hash of the file being transferred, or the type of threat itself? We've gone to the source device where the threat was generated and there is no record of the hash that the threat corresponds to in Palo's Threat Vault.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-23-2023
10:24 PM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks