https://live.paloaltonetworks.com/t5/custom-signatures/advice-on-blocking-the-extension-packs-for-oracle-virtual-box/m-p/522116#M451 <P>Better consider trying DLP and the file name or even better Palo Alto XDR or another EDR solution and uploading the file hash so that it is blocked.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/investigation-and-response/investigate-files/manage-file-execution" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/investigation-and-response/investigate-files/manage-file-execution</A></P> <P>&nbsp;</P> <P><A href="https://www.youtube.com/watch?v=Wt6y1jcREcI" target="_blank">https://www.youtube.com/watch?v=Wt6y1jcREcI</A></P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/response-actions/search-file-and-destroy" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/response-actions/search-file-and-destroy</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also see this discussion:</P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/custom-signatures/cortex-xdr-block-file-execution-based-on-ico-file-name/td-p/441544" target="_blank">https://live.paloaltonetworks.com/t5/custom-signatures/cortex-xdr-block-file-execution-based-on-ico-file-name/td-p/441544</A></P> <P>&nbsp;</P> <P>Hope this helps <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> Tue, 22 Nov 2022 18:57:30 GMT nikoolayy1 2022-11-22T18:57:30Z https://live.paloaltonetworks.com/t5/custom-signatures/advice-on-blocking-the-extension-packs-for-oracle-virtual-box/m-p/512877#M438 <P>Oracle's Virtual Box is free and available to use under the GPL v2 license terms.</P> <P>They have Extension Pack which is not free and can invoke a software audit if found.&nbsp;</P> <P>We are looking to see if anyone has an application snippet to prevent download of the Extension Pack.&nbsp;</P> <P>Unfortunately the download is a typical download in that it is available from multiple sources</P> Wed, 24 Aug 2022 16:20:21 GMT https://live.paloaltonetworks.com/t5/custom-signatures/advice-on-blocking-the-extension-packs-for-oracle-virtual-box/m-p/512877#M438 Rick_Miller 2022-08-24T16:20:21Z https://live.paloaltonetworks.com/t5/custom-signatures/advice-on-blocking-the-extension-packs-for-oracle-virtual-box/m-p/522116#M451 <P>Better consider trying DLP and the file name or even better Palo Alto XDR or another EDR solution and uploading the file hash so that it is blocked.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/investigation-and-response/investigate-files/manage-file-execution" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/investigation-and-response/investigate-files/manage-file-execution</A></P> <P>&nbsp;</P> <P><A href="https://www.youtube.com/watch?v=Wt6y1jcREcI" target="_blank">https://www.youtube.com/watch?v=Wt6y1jcREcI</A></P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/response-actions/search-file-and-destroy" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/response-actions/search-file-and-destroy</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also see this discussion:</P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/custom-signatures/cortex-xdr-block-file-execution-based-on-ico-file-name/td-p/441544" target="_blank">https://live.paloaltonetworks.com/t5/custom-signatures/cortex-xdr-block-file-execution-based-on-ico-file-name/td-p/441544</A></P> <P>&nbsp;</P> <P>Hope this helps <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> Tue, 22 Nov 2022 18:57:30 GMT https://live.paloaltonetworks.com/t5/custom-signatures/advice-on-blocking-the-extension-packs-for-oracle-virtual-box/m-p/522116#M451 nikoolayy1 2022-11-22T18:57:30Z https://live.paloaltonetworks.com/t5/custom-signatures/advice-on-blocking-the-extension-packs-for-oracle-virtual-box/m-p/526240#M454 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/152912">@Rick_Miller</a> , Did you manage to find a solution to this issue?</P> Sat, 07 Jan 2023 17:39:38 GMT https://live.paloaltonetworks.com/t5/custom-signatures/advice-on-blocking-the-extension-packs-for-oracle-virtual-box/m-p/526240#M454 nikoolayy1 2023-01-07T17:39:38Z https://live.paloaltonetworks.com/t5/custom-signatures/advice-on-blocking-the-extension-packs-for-oracle-virtual-box/m-p/530017#M457 <P>continue to ask for an application code like what was provided for malwarbytes</P> <P>&nbsp;</P> Mon, 06 Feb 2023 19:33:10 GMT https://live.paloaltonetworks.com/t5/custom-signatures/advice-on-blocking-the-extension-packs-for-oracle-virtual-box/m-p/530017#M457 Rick_Miller 2023-02-06T19:33:10Z