Threat Protection

Hi All,

If threat protection is enabled (subscribed) is it by default a global protection or can it be applied per interface?

Thank you in advance.

Meltdown and Spectre Vulnerability

Are PA devices effected by the meltdown and spectre vulnerability and if so, are these signatures known yet by PA?

Command & Control or Just Ads?

In the last few days I have seen alerts for berbew.jb C2 traffic(192730665) and dynamer.bayo C2 traffic(192442683).  The odd thing here is that in the alert the same url is being accessed (ad.afy11.net/ad?mode=7&publisher_dsp_id=67&external_user_id=X

Palo Alto not flagging dangerous/malicious IP addresses as such?

Hi,

Today I sent two requests to get 2 IPs categorized as malicious (Command and Control) to Palo Alto. The IPs are:

45.33.9.234

199.59.242.150

The current category for both of them is: insufficient-content

However, these IPs are being associated with

Strange TCP traffic from PAN Firewall management IP going to Japan

Hi All,

I've noticed an strange event in our network. We have PAN 5020 and other PAN firewalls. The issue is from the management IP from one of them there is TCP traffic going to a Japanese server on port 135 (MSRPC). One of our Sensors detects it as

URL Filtering Implementation Best Practice

Hell everyone,

 I have a vendor that is going to work on deploying the URL Filtering service in our Pan3020 but I wanted to undersandt/learn what the best approach is in order for to come up with an outcome that is manageable once they leave us. As o

RSA TLS crypto attack, ROBOT—short for "Return Of Bleichenbacher's Oracle Threat

Recent article talks about a newly discovered (but old) vulnerability: 

     https://arstechnica.com/information-technology/2017/12/a-worrying-number-of-sites-remain-open-to-major-crypto-flaw-from-1998/?comments=1&start=40 

You can test your links her

Threat ID for Unsafe Characters in URLs

Is there a Threat signature to detect Unsafe/ Illegal characters in an URL? I've searched the ThreatVault but I couldn't find any unfortunately.

For clarity this is what I'm talking about - https://perishablepress.com/stop-using-unsafe-characters-in-

Suspicious Abnormal HTTP Response Found

My customers are complaing that they're not able to open the website www.sligrofoodgroup.nl

Our "Antvirus / Anti Spyware Block Page" kicks in, and in the threat monitor i see it's blocked cause off the vulnerability "Suspicious Abnormal HTTP Response

Update 762 "broke" our PA500

Hi Guys,

We manually updated to 762 today and our Palo immediately started ending sessions with the Resources-unavailable reason.

Reverting the update and restarting the dataplane fixed the issue.

Has anyone else had issues with it?

Regards

Ronelle