How to Find Virus Details if Not Available in the Threat Vault
Threat details can be found in the Palo Alto Networks Threat Vault at https://threatvault.paloaltonetworks.com/. In some cases, however, the information for a detected virus on the Palo Alto Networks firewall is not available in the Threat Vault. For example, the firewall detected the virus, "JS/Trojan.blacoleref.w (threat id# is 253849)":
> show threat id 253849
This signature detected JS/Trojan.blacoleref.w
A search in the Threat Vault does not return information on "JS/Trojan.blacoleref.w (threat id# is 253849)":
Follow the steps below to find the details of the virus:
- Open a case with Palo Alto Networks Support and request the MD5 information for the detected virus. The following is an example of the MD5 value for "JS/Trojan.blacoleref.w":
- Visit the Virus Total site : https://www.virustotal.com/en
- Click "search".
- Enter the MD5 value and click "Search it!"
- The resulting virus name lists from searched virus engines are displayed.
- For this example, the search results will show that Microsoft detected this as Trojan:JS/BlacoleRef.CM.
You can find the virus detail from Microsoft site.