topic jpeg file blocking download error in General Topics

jpeg file blocking download error

CHOE-KyungJun — Thu, 14 Apr 2022 08:30:10 GMT

Dear Team,

I am doing a file blocking test for the jpeg file format.

When uploading a jpeg, it is recognized as a unique threat id below, and I can control it as I want.

Name: JPEG File Upload
> Unique Threat ID: 52097

URL : https://threatvault.paloaltonetworks.com/?query=52097

log

But I want to control jpeg download.

For testing, I set it to 'all alert' and continued to download the jpg file.

But jpeg download doesn't seem to be detected.

I have set the decryption and can control other formats

I also tested the dynamic version after changing it.

i want to know the solution

Thanks in advance,
Kyungjun,

Re: jpeg file blocking download error

LAYER_8 — Thu, 14 Apr 2022 20:12:40 GMT

Are you blocking the app QUIC? Does the destination server use cert pinning or ESNI?

There are many reasons why decryption could be unsuccessful for that session. What does the packet capture tell you?

Re: jpeg file blocking download error

CHOE-KyungJun — Fri, 15 Apr 2022 08:38:12 GMT

@LAYER_8

Dear slick

Thank you for your comment

I blocked quic itself in chrome. Also, 'jpeg-upload' works normally on the same server.

I've also tested it in other browsers, but it doesn't solve the problem.

I think there is a problem with 'jpeg'.

Please let me know if anyone is normally controlled when only jpeg is set in file blocking.

Re: jpeg file blocking download error

LAYER_8 — Tue, 19 Apr 2022 16:36:22 GMT

You may or may not have received this email (please note that second bullet under detailed instructions, it is the kicker):

Dear Palo Alto Networks Super User & Domain Administrator,
You’re receiving this email because you’re a Super User or Domain Administrator of a Palo Alto Networks account.
As part of our continuous security enhancements, your teams’ accounts will need to be updated to meet enhanced security requirements. Key changes include:

Users will require Multi-Factor Authentication
Password will need to be changed every 365 days
If a user enters incorrect passwords 5 times, their account will be locked out for 15 mins

Detailed Instructions

Starting April 14th, 2022, users will be prompted to change their passwords. Password policy requirements: a) minimum 11 characters, b) at least one each of uppercase, lowercase, numbers, and special characters.
Multi-Factor Authentication (MFA) is crucial to protect data against credential theft and damage. When users login on or after April 14th, they will be asked to enter an MFA verification code, which they will receive in their registered email every time they login.
Two weeks prior to April 14th, we will send your users a separate email notifying them of these changes and using MFA
In case you have issues, please reach out to our team at Contact Support, or open a support case at https://support.paloaltonetworks.com.

Thank you!
Palo Alto Networks
www.paloaltonetworks.com

We haven't gotten a clear response from our IT org why this is better/more secure than an auth app.

Re: jpeg file blocking download error

CHOE-KyungJun — Thu, 12 May 2022 06:35:56 GMT

The 'jpeg' file type was deprecated a long time ago and I've confirmed that now only "jpeg-uploading" is used.