* [Blog](https://www2.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/) * [Products and Services](https://www2.paloaltonetworks.com/blog/category/products-and-services/) * UPDATED: Palo Alto Networ... # UPDATED: Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F01%2Fpalo-alto-networks-protections-wanacrypt0r-attacks%2F) [](https://twitter.com/share?text=UPDATED%3A+Palo+Alto+Networks+Protections+Against+WanaCrypt0r+Ransomware+Attacks&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F01%2Fpalo-alto-networks-protections-wanacrypt0r-attacks%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2018%2F01%2Fpalo-alto-networks-protections-wanacrypt0r-attacks%2F&title=UPDATED%3A+Palo+Alto+Networks+Protections+Against+WanaCrypt0r+Ransomware+Attacks&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2018/01/palo-alto-networks-protections-wanacrypt0r-attacks/&ts=markdown) \[\](mailto:?subject=UPDATED: Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks) Link copied By [Scott Simkin](https://www.paloaltonetworks.com/blog/author/scott-simkin/?ts=markdown "Posts by Scott Simkin") Jan 25, 2018 7 minutes [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown) [AutoFocus](https://www.paloaltonetworks.com/blog/tag/autofocus/?ts=markdown) [ransomware](https://www.paloaltonetworks.com/blog/tag/ransomware/?ts=markdown) [threat prevention](https://www.paloaltonetworks.com/blog/tag/threat-prevention/?ts=markdown) [WanaCrypt0r](https://www.paloaltonetworks.com/blog/tag/wanacrypt0r/?ts=markdown) [WannaCry](https://www.paloaltonetworks.com/blog/tag/wannacry/?ts=markdown) [WannaCrypt](https://www.paloaltonetworks.com/blog/tag/wannacrypt/?ts=markdown) [WildFire](https://www.paloaltonetworks.com/blog/tag/wildfire/?ts=markdown) This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2018/01/palo-alto-networks-protections-wanacrypt0r-attacks/?lang=ja "Switch to Japanese(日本語)") **NOTE**: Updated January 25, 2018 **What Happened** On Friday, May 12, 2017, a series of broad attacks began that spread the latest version of the WanaCrypt0r ransomware, including worm-like tactics to infect additional hosts within the network. These attacks, also referred to as WannaCrypt or WannaCry, reportedly impacted systems of public and private organizations worldwide. Our Next-Generation Security Platform automatically created, delivered and enforced protections from this attack. We also highly recommend that users ensure they always have up-to-date protections in place as the WannaCry ransomware will continue to pose a persistent threat to unpatched systems. **How the Attack Works** While the initial infection vector for WanaCrypt0r is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017, and was addressed by Microsoft in March 2017 with [MS17-010](https://technet.microsoft.com/en-us/library/security/ms17-010.aspx). Microsoft published a post on protections from the WanaCrypt0r attacks [here](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/), and has taken the step of providing patches for versions of Windows software that are no longer supported, including Windows XP. Organizations that have applied the MS17-010 update are not at risk for the spread of WanaCrypt0r across the network, but given it addresses a remotely exploitable vulnerability in a networking component that is now under active attack, we strongly urge making deployment of this security update a priority. **Preventions** Palo Alto Networks customers are protected through our Next-Generation Security Platform, which employs a prevention-based approach that automatically stops threats across the attack lifecycle. Palo Alto Networks customers are protected from WanaCrypt0r ransomware through multiple complementary prevention controls across our Next-Generation Security Platform, including: * **WildFire**classifies all known samples as malware, automatically blocking malicious content from being delivered to users. * **Threat Prevention** : * Enforces IPS signatures (content release: 688-2964) for the SMB vulnerability exploit (CVE-2017-0144 -- MS17-010) used in this attack. We recommend that customers enable protections both at the perimeter and between internal zones within the network. * Deploys anti-malware signatures, which customers can reference on [ThreatVault](https://threatvault.paloaltonetworks.com/?query=Trojan-Ransom/Win32.wanna&type=) (includes threat names: "Trojan-Ransom/Win32.wanna.a"and \*\*"\*\*Trojan-Ransom/Win32.wanna.b"). * Command-and-control: * The WanaCrypt0r malware does not leverage command-and-control, but possesses a "kill switch" domain that prevents encryption of infected endpoints when it successfully resolves. Since the kill switch effectively disarms the threat, we have not released signatures to block access to it. However, you can implement a custom IPS signature developed by our threat research team to detect infected hosts resolving the known kill switch domains, which is available below. Do not set the action to "block", as this will trigger the malware to perform destructive actions on infected hosts. Best practices for implementing custom signatures are available [here](https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/objects/objects-custom-objects-spywarevulnerability). * Offers command-and-control protections (content release 695) for the DoublePulsar backdoor exploit tool, which can be found on [ThreatVault](https://threatvault.paloaltonetworks.com/?query=DoublePulsar&type=) for reference. * **URL Filtering** monitors malicious URLs used and will enforce protections if needed. * **DNS Sinkholing** can be used to identify infected hosts on the network. For more, please reference our [product documentation](https://www.paloaltonetworks.com/documentation) for [best practices](https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891). * **Traps** prevents the execution of the WanaCrypt0r malware on endpoints, with additional details available in the following [blog](https://www.paloaltonetworks.com/blog/2017/05/traps-protections-wanacrypt0r-ransomware-attacks/) on Traps protections. * **AutoFocus** tracks the attack for threat analytics and hunting via the [WanaCrypt0r tag](https://autofocus.paloaltonetworks.com/#/tag/Unit42.WanaCrypt0r). * **GlobalProtect** extends WildFire and Threat Prevention protections to remote users and ensures consistent coverage across all locations. Detecting compromised hosts can be done through multiple methods: * Add known malicious domains (provided below) to an External Dynamic List (EDLs) with the alert action set and monitor access to them. Do not set the action to "block", as this will trigger the malware to perform destructive actions on infected hosts. * Alert on the custom IPS signature (see IPS section below), and ensure you change the signature ID from what we provide to an available ID. Do not set the action to "block", as this will trigger the malware to perform destructive actions on infected hosts. For best practices on preventing ransomware with the Palo Alto Networks Next-Generation Security Platform, please refer to our [Knowledge Base article](https://live.paloaltonetworks.com/t5/Featured-Articles/Best-Practices-for-Ransomware-Prevention/ta-p/74148). We strongly recommend that all Windows users ensure they have the latest patches made available by Microsoft installed, including versions of software that have reached end-of-life support. **Custom IPS signature** **:** **Note:** Check that the "entry name" does not match an existing custom IPS signature you have on your next-generation firewall, and update if needed. **Do not set the action to "block," as this will trigger the malware to perform destructive actions on infected hosts.** As always, we recommend you review *your policies to ensure you have configured the appropriate actions for all security policy rules.* This signature is provided as a sample, and you should verify the effectiveness with your existing processes: \ \ \ \ \ \ \ \ \ \ \ \\\x29\\xiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xifferfsodp9ifjaposdfjhgosurijfaewrwergwea\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xiuqssfsodp9ifjaposdfjhgosurijfaewrwergwea\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xudhridhfowhgibe9vheiviehfiehbfvieheifheih\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xiuqerxxxdp9ifjaposdfjhgosurijfaewrwergwea\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xiuqerfsodp9ifjaposdfjhgosurijfaewrwergwff\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xccncertnomorecryaadrtifaderesddferrrqdfwa\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \no\ \protocol-data-unit\ \ \ \ \ \ \ \WannaCry Domains\ \informational\ \client2server\ \ \ |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 | \ \ \ \ \ \ \ \ \ \ \ \\\x29\\xiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xifferfsodp9ifjaposdfjhgosurijfaewrwergwea\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xiuqssfsodp9ifjaposdfjhgosurijfaewrwergwea\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xudhridhfowhgibe9vheiviehfiehbfvieheifheih\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xiuqerxxxdp9ifjaposdfjhgosurijfaewrwergwea\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xiuqerfsodp9ifjaposdfjhgosurijfaewrwergwff\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \\\x29\\xccncertnomorecryaadrtifaderesddferrrqdfwa\\x03\\xcom\ \dns-req-section\ \no\ \ \ \ \ \ \ \no\ \protocol-data-unit\ \ \ \ \ \ \ \WannaCry Domains\ \informational\ \client2server\ \ \ | **Malicious domains:** uqerfsodp9ifjaposdfjhgosurijfaewrwergwea\[.\]com ifferfsodp9ifjaposdfjhgosurijfaewrwergwea\[.\]com iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea\[.\]com udhridhfowhgibe9vheiviehfiehbfvieheifheih\[.\]com ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf\[.\]com iuqerxxxdp9ifjaposdfjhgosurijfaewrwergwea\[.\]com |-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 4 5 6 | uqerfsodp9ifjaposdfjhgosurijfaewrwergwea\[.\]com ifferfsodp9ifjaposdfjhgosurijfaewrwergwea\[.\]com iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea\[.\]com udhridhfowhgibe9vheiviehfiehbfvieheifheih\[.\]com ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf\[.\]com iuqerxxxdp9ifjaposdfjhgosurijfaewrwergwea\[.\]com | **Change Log:** January 25, 2018: * Added custom IPS signature. * Added details on detecting compromised hosts. May 13, 2017: * Link to Microsoft blog on protections against WanaCrypt0r attacks. * Details on additional protections via DNS sinkholing. * Updated URL Filtering section to reflect new analysis. May 15, 2017: * Clarified the WanaCrypt0r attack delivery method based on additional information. May 17, 2017: * Added Threat Prevention signature information for anti-malware and command-and-control activity. * Added link to Traps blog. *** ** * ** *** ## Related Blogs ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [#### Traps Protections Against WanaCrypt0r Ransomware Attacks](https://www2.paloaltonetworks.com/blog/2017/05/traps-protections-wanacrypt0r-ransomware-attacks/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [#### Russia-Ukraine Cyber Activity Makes Security Best Practices Imperative](https://www2.paloaltonetworks.com/blog/2022/03/russia-ukraine-cyber-activity-best-practices/) ### [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### SEGA Europe: You Cannot Protect What You Cannot See](https://www2.paloaltonetworks.com/blog/2019/07/sega-europe/) ### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### When Scripts Attack, WildFire Protects](https://www2.paloaltonetworks.com/blog/2019/01/scripts-attack-wildfire-protects/) ### [Threat Brief](https://www.paloaltonetworks.com/blog/category/threat-brief/?ts=markdown) [#### Threat Brief: Understanding Kernel APC Attacks](https://www2.paloaltonetworks.com/blog/2017/10/threat-brief-understanding-kernel-apc-attacks/) ### [Customer Spotlight](https://www.paloaltonetworks.com/blog/category/customer-spotlight/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### Customer Spotlight: Domain Group Keeps the Presses Rolling With Palo Alto Networks](https://www2.paloaltonetworks.com/blog/2017/09/customer-spotlight-domain-group-keeps-presses-rolling-palo-alto-networks/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language