How do you read a Palo Alto Networks Antivirus signature name?

How do you read a Palo Alto Networks Antivirus signature name?

16498
Created On 04/02/20 16:12 PM - Last Modified 09/19/23 12:20 PM


Question


How do you read an Antivirus signature name? What does it mean?

image.png
Figure 1 - a picture of a virus name in the firewall threat logs.


A picture of virus name seen in Threat Vault.
Figure 2 - a picture of a virus name as seen in Threat Vault. (https://threatvault.paloaltonetworks.com)
 

Environment


Any PAN-OS
 

Answer


With Palo Alto Networks antivirus signatures, the naming convention follows the following guideline:

<type>/<platform>/<family>.<variation>

So in in Figure 1, from Worm/Win32.vobfus.kfnw you can discern:

  • type is Worm
  • platform is Win32
  • family is vobfus 
  • and it is the kfnw variation of the vobfus worm


Likewise in Figure 2, with Virus/OSX.WGeneric.lmaji :

  • type is Virus
  • platform is OSX 
  • family is WGeneric which means classified in the general family of viruses (versus being identified as a part of a single known virus family)
  • and it is the lmaji variation of said virus family (in this case WGeneric)
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPQgCAO&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language