topic Re: Custom Vulnerability to Block Old Browser Versions in Custom Signatures

Custom Vulnerability to Block Old Browser Versions

RyanViq — Fri, 21 Oct 2022 00:10:19 GMT

Would anyone know how to properly identify and block old browser versions using custom vulnerability object? I need help with the proper "pattern" to use to be able to identify the version. I know that there is the following guide:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSOCA0

But this guide is generic and detects all chrome version using pattern: "Chrome\/". What if I would like to block specific "Chrome/106.0.5249.119" version? How do I write the pattern? I was only able to successfully use "Chrome\/106 " but I am having issues when I added the rest of the succeeding numbers such as "Chrome\/106\.0\.5249\.119". Any help would be appreciated.

Re: Custom Vulnerability to Block Old Browser Versions

nikoolayy1 — Wed, 02 Nov 2022 18:34:56 GMT

Did you try adding adding ( ) (Chrome\/106\.0\.5249\.119) as you are using regex signature match not just Pattern_match operator (https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/create-a-custom-application-signature ). Maybe also see https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/objects/objects-custom-objects/objects-custom-objects-data-patterns/syntax-for-regular-expression-data-patterns

Re: Custom Vulnerability to Block Old Browser Versions

RyanViq — Tue, 15 Nov 2022 23:57:23 GMT

Thank you Nikoolayy1, this seemed to resolve the issue and it is now matching what I want.

Re: Custom Vulnerability to Block Old Browser Versions

jestradasanc — Thu, 23 Mar 2023 17:26:06 GMT

Hello Team, excuse me

How I can block a Chrome versions less than or equal to 105, we try whit these: Chrome\/(0|[1-9][0-9]?|10[0-5])\. and these (Chrome/([1-9][0-9]10[0-5])), but isn't working.