https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-dmg/m-p/34741#M25496 <HTML><HEAD></HEAD><BODY><P>I think it would be best if you post the same thread in <A href="https://live.paloaltonetworks.com/space/2010">DevCenter</A> as developer and other users expert in this answer on that community.</P><P>Hope this helps you find the answer.</P><P>Thank you</P><P>Numan</P></BODY></HTML> Thu, 06 Mar 2014 21:53:22 GMT mbutt 2014-03-06T21:53:22Z https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-dmg/m-p/34739#M25494 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>PanOSS 5.0.10</P><P></P><P>The following site (amongst others) hosts a malicious file that I want to block: <A href="http://free-mac-download.net/" title="http://free-mac-download.net/">Download Genieo</A>. The file is a .dmg and I want it blocked to my Mac user estate. Rather than block the URL I thought I would give Custom Signatures &gt; Vulnerability a go. I am following the document Creating_Custom_Signatures-RevA (page 43).</P><P></P><P>File name is InstallGenieo.dmg with Hex of</P><P></P><P class="p1">0000000: 789c 730d 6262 6060 883f cf30 0a46 2400&nbsp; x.s.bb``.?.0.F$.</P><P class="p1">0000010: 0087 f401 c878 9ced d43b 0ac2 4010 06e0&nbsp; .....x...;..@...</P><P class="p1">0000020: 8885 d7f0 0e1e 20da 888d 10f0 004b c020&nbsp; ...... ......K.</P><P class="p1">0000030: 8baf</P><P class="p1"></P><P class="p1">I have created a custom vulnerability Configuration like so:</P><P class="p1"></P><P class="p1"><IMG __jive_id="12008" alt="Screen Shot 2014-03-06 at 15.53.53.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12008_Screen Shot 2014-03-06 at 15.53.53.png" /></P><P class="p1"></P><P class="p1">and Standard Signature, And Condition (Transaction) like so:</P><P class="p1"></P><P class="p1"><IMG __jive_id="12009" alt="Screen Shot 2014-03-06 at 15.55.13.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12009_Screen Shot 2014-03-06 at 15.55.13.png" style="width: 620px; height: 187px;" /></P><P class="p1">Once pushed from Panorama to my devices I don't see it in the logs as Alerting. I'm sure I'm missing something but being my first attempt, I'm not sure where. Should I add it to the Vulnerability Protection under Security Profiles or something..? Or am I doing this incorrectly in the first place...?:)</P><P class="p1"></P><P class="p1">Any hints would be great,</P><P class="p1"></P><P class="p1">Thanks</P></BODY></HTML> Thu, 06 Mar 2014 15:58:09 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-dmg/m-p/34739#M25494 nickcx1 2014-03-06T15:58:09Z https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-dmg/m-p/34740#M25495 <HTML><HEAD></HEAD><BODY><P>I am not an expert to say if the definition is correct.</P><P>Nonetheless you need the security profile in the security policy.</P></BODY></HTML> Thu, 06 Mar 2014 21:12:51 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-dmg/m-p/34740#M25495 prb 2014-03-06T21:12:51Z https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-dmg/m-p/34741#M25496 <HTML><HEAD></HEAD><BODY><P>I think it would be best if you post the same thread in <A href="https://live.paloaltonetworks.com/space/2010">DevCenter</A> as developer and other users expert in this answer on that community.</P><P>Hope this helps you find the answer.</P><P>Thank you</P><P>Numan</P></BODY></HTML> Thu, 06 Mar 2014 21:53:22 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-vulnerability-dmg/m-p/34741#M25496 mbutt 2014-03-06T21:53:22Z