This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Jared_Hainline
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Jared_Hainline
05-22-2023
4Posts
0Likes
0Solutions
May 22, 2023Last Visited
User
Activity
User
Profile
Latest posts by Jared_Hainline
| Subject | Views | Posted |
|---|---|---|
| 368 | 02-13-2023 10:26 AM | |
| 821 | 02-10-2023 11:11 AM | |
| 830 | 02-10-2023 11:02 AM | |
| 1027 | 02-10-2023 09:52 AM |
User Badges
Community Statistics
| Member Since | 06-18-2015 01:26 PM |
| Date Last Visited | 05-22-2023 04:04 PM |
| Posts | 4 |
02-13-2023
10:26 AM
I opened up a support case and they had already deactivated the signature. I removed the signature exception and found that the domain was still working. It's good to know that I can just open a support case to get false positives looked at. In the 8 years as a Palo customer, I have never ran into this before.
... View more
02-10-2023
11:11 AM
Yeah, so, how would I go about verifying which one it is? If it's a false positive, then that needs to be corrected. If not, then I don't want to add an exception to permit this domain.
... View more
02-10-2023
11:02 AM
According to the threat vault, it is listed under DNS Signatures, type is AntiVirus and wildfire. So, the domain got sinkholed. We don't have the URL filtering license so that wasn't a possibility. I know I can create an exception for this specific Threat ID. But if it is a true threat, don't really want to do that. If the threat ID says that it's Antivirus/WildFire. How would we get it re-examined? Does this mean that virus activity was detected on the domain name and that's why the DNS signature was made?
... View more
02-10-2023
09:52 AM
Our Palo started blocking a 3rd party site that is used by our organization. It was being sinkholed. I found the threat ID and it appears that it was tagged as virus/spyware. Short of allowing an exception for this one threat ID, is there any other action that can be taken to have palo re-evaluate and create a new signature that would deem the site ok?
I am also happy to inform the users to use a different site if it really is a threat.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-22-2023
04:04 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks