https://live.paloaltonetworks.com/t5/general-topics/blocking-extensions-using-data-filtering/m-p/104674#M44713 <P>hi,</P><P>&nbsp;</P><P>you can create a custom vulnerability signature to block it. But you have to Wireshark the traffic (down- or upload) with these files.</P><P>In the pcap you can read out the "file-unknown-body" signature of that file which looks like \x3136977BB061728878688662\x</P><P>&nbsp;</P><P>with this condition you can configure a pattern-match and the action to block the traffic.</P><P>&nbsp;</P><P>More information are available here:</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Featured-Articles/Tips-amp-Tricks-Custom-Vulnerability/ta-p/71603" target="_blank">https://live.paloaltonetworks.com/t5/Featured-Articles/Tips-amp-Tricks-Custom-Vulnerability/ta-p/71603</A></P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Documentation-Articles/Creating-Custom-Threat-Signatures/ta-p/58569?attachment-id=1097" target="_blank">https://live.paloaltonetworks.com/t5/Documentation-Articles/Creating-Custom-Threat-Signatures/ta-p/58569?attachment-id=1097</A></P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/APIs/Custom-signature-file-upload-blocking/m-p/25448/highlight/true#M650" target="_blank">https://live.paloaltonetworks.com/t5/APIs/Custom-signature-file-upload-blocking/m-p/25448/highlight/true#M650</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 19 Aug 2016 13:40:28 GMT Hithead 2016-08-19T13:40:28Z https://live.paloaltonetworks.com/t5/general-topics/blocking-extensions-using-data-filtering/m-p/104505#M44695 <P>Hello Everyone,</P><P>&nbsp;</P><P>I need help, i'm trying configure the data filtering for block extension with: .cd5, .4zx and .pekey</P><P>Someone already managed to configure data filtering this format?</P><P>&nbsp;</P><P>Thanks</P> Fri, 19 Aug 2016 02:03:01 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-extensions-using-data-filtering/m-p/104505#M44695 leandro.scardua 2016-08-19T02:03:01Z https://live.paloaltonetworks.com/t5/general-topics/blocking-extensions-using-data-filtering/m-p/104674#M44713 <P>hi,</P><P>&nbsp;</P><P>you can create a custom vulnerability signature to block it. But you have to Wireshark the traffic (down- or upload) with these files.</P><P>In the pcap you can read out the "file-unknown-body" signature of that file which looks like \x3136977BB061728878688662\x</P><P>&nbsp;</P><P>with this condition you can configure a pattern-match and the action to block the traffic.</P><P>&nbsp;</P><P>More information are available here:</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Featured-Articles/Tips-amp-Tricks-Custom-Vulnerability/ta-p/71603" target="_blank">https://live.paloaltonetworks.com/t5/Featured-Articles/Tips-amp-Tricks-Custom-Vulnerability/ta-p/71603</A></P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Documentation-Articles/Creating-Custom-Threat-Signatures/ta-p/58569?attachment-id=1097" target="_blank">https://live.paloaltonetworks.com/t5/Documentation-Articles/Creating-Custom-Threat-Signatures/ta-p/58569?attachment-id=1097</A></P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/APIs/Custom-signature-file-upload-blocking/m-p/25448/highlight/true#M650" target="_blank">https://live.paloaltonetworks.com/t5/APIs/Custom-signature-file-upload-blocking/m-p/25448/highlight/true#M650</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 19 Aug 2016 13:40:28 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-extensions-using-data-filtering/m-p/104674#M44713 Hithead 2016-08-19T13:40:28Z