https://live.paloaltonetworks.com/t5/general-topics/can-pa-block-web-shell-or-shell-script/m-p/48412#M35625 <HTML><HEAD></HEAD><BODY><P>Hello, guys~</P><P>One of my customer want to know whether the Pan block web shell or shell script. In my opinion, there's no ips which can block those attacks 100%. </P><P>Threat prevention of the PA is signature base also, which means if it detects well-known web shell, it might block it. If not, it can't.</P><P></P><P>It's sure that web shell is based on web server application vulnerability or miss configuration. So the basic method to block those attack is secure cording or secure configuration of the web server.</P><P>But I need to tell the customer the exact information about PA's function.</P><P></P><P>Please don't mention custom signature, there's not so much customer who can make custom signature :smileygrin:</P><P></P><P>Thank you very much.</P></BODY></HTML> Tue, 18 Mar 2014 04:45:04 GMT JTR 2014-03-18T04:45:04Z https://live.paloaltonetworks.com/t5/general-topics/can-pa-block-web-shell-or-shell-script/m-p/48412#M35625 <HTML><HEAD></HEAD><BODY><P>Hello, guys~</P><P>One of my customer want to know whether the Pan block web shell or shell script. In my opinion, there's no ips which can block those attacks 100%. </P><P>Threat prevention of the PA is signature base also, which means if it detects well-known web shell, it might block it. If not, it can't.</P><P></P><P>It's sure that web shell is based on web server application vulnerability or miss configuration. So the basic method to block those attack is secure cording or secure configuration of the web server.</P><P>But I need to tell the customer the exact information about PA's function.</P><P></P><P>Please don't mention custom signature, there's not so much customer who can make custom signature :smileygrin:</P><P></P><P>Thank you very much.</P></BODY></HTML> Tue, 18 Mar 2014 04:45:04 GMT https://live.paloaltonetworks.com/t5/general-topics/can-pa-block-web-shell-or-shell-script/m-p/48412#M35625 JTR 2014-03-18T04:45:04Z https://live.paloaltonetworks.com/t5/general-topics/can-pa-block-web-shell-or-shell-script/m-p/48413#M35626 <HTML><HEAD></HEAD><BODY><P>Palo Alto Networks can help protect a great many things. <SPAN style="line-height: 1.5em; font-size: 10pt;">We can block file types, viruses, threats, </SPAN>vulnerability<SPAN style="line-height: 1.5em; font-size: 10pt;"> etc. </SPAN></P><P></P><P>If the shell script that is being executed is part of a known threat/vulnerability, then we should be able to detect that and stop it (if configured to do so).</P><P>Otherwise we do not block shell scripts. Unless you want to create a regex (Regular Expression) and create a custom signature.. I am sorry, you told me not to say that.</P><P></P><P>For the record, here are instructions on creating Custom Signatures:</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-5534">Creating Custom Threat Signatures</A></P><P></P><P>Does that help answer your question?</P></BODY></HTML> Fri, 21 Mar 2014 15:29:30 GMT https://live.paloaltonetworks.com/t5/general-topics/can-pa-block-web-shell-or-shell-script/m-p/48413#M35626 jdelio 2014-03-21T15:29:30Z