Details
Only enable the User-ID option for interfaces that are both internal and trusted. There is rarely a legitimate need to allow WMI probing on an untrusted interface.
Rationale:
PAN released a customer advisory in October of 2014 warning of WMI probing on untrusted interfaces with User-ID enabled. This can result in theft of the password hash for the account used in WMI probing.
Solution
Navigate to Network > Network Profiles > Interface Management.
Set User-ID to be checked only for interfaces that are both internal and trusted; uncheck it for all other interfaces.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Palo_Alto.