- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Edit: Dec 10, 2019 @ 1:28PM PT - added test URLs for grayware and cryptocurrency
Edit: Jan 28, 2020 @ 2:45PM PT - added dates to begin publishing Cryptocurrency and grayware.
Beginning with content release version 8206, we added two new URL Filtering categories: “Grayware” and “Cryptocurrency.”
ACTION: Administrators should immediately set their grayware category to BLOCK due to the obtrusive behavior from these websites. Palo Alto Networks recommends that you also subscribe to this FAQ for updates as they become available.
Palo Alto Networks defines Grayware as websites that do not pose a direct security threat but that display other obtrusive behavior and tempt the end user to grant remote access or perform other unauthorized actions. Grayware typically includes scams, adware, and other unwanted or unsolicited applications, such as embedded crypto miners or hijackers that change the elements of the browser (such as the default landing page, search engines, or installing an extension for tracking purposes).
If you do not change the default action of the grayware category to block, your network will allow all attempted connections to grayware-related URLs to succeed and your users will have access to these websites.
The ability to set the default action for the default profile to BLOCK is available only in PAN-OS 8.0.2 and later releases. Only customers running PAN-OS 8.0.2 or a later release will automatically have their default action set to BLOCK and only in the default profile. This functionality is not available in earlier releases of PAN-OS software.
NOTE: for PAN-OS 8.0.2 and later releases, you should check to ensure that the action is properly updated to BLOCK within your default profile.
If you have multiple URL Filtering Security profiles, you need to update the default action to BLOCK for each of these profiles. This applies to all versions of PAN-OS software.
Palo Alto Networks defines the Cryptocurrency category as websites that promote crypto currencies, crypto mining websites (but not embedded crypto miners), crypto currency exchanges and vendors, and websites that manage crypto currency wallets and ledgers.
This category does not include traditional financial services websites that reference crypto currencies, websites that explain and describe how crypto currencies and block chains work, or websites that contain embedded crypto currency miners (grayware).
By default, the Cryptocurrency action is set to “alert” only for the default profile. If you have multiple URL Filtering Security profiles, you need to update the default action to “alert” for each of these profiles if you want consistent alerting across all profiles. This applies to all versions of PAN-OS software.
Please consult your legal and privacy teams if you choose to allow and decrypt this category to account for any Personally Identifiable Information (PII).
The Grayware and Cryptocurrency categories will be visible on the administrator management console but we will not use these categories to classify web pages until January 2020. During this time, you are able to update your policy action for these new categories. After Palo Alto Networks begins to label existing and new URLs using these two new categories, all Grayware and Cryptocurrency URLs will be classified as such and your configured policy actions will be enforced on the firewall accordingly.
The use of Grayware and Cryptocurrency categories is scheduled to begin in mid-January 2020. This blog will be updated when both categories are fully functional.
Starting February 3, 2020, Palo Alto Networks will start publishing URLs that are categorized as grayware and cryptocurrency. Please ensure that your Security policy rules are configured properly for these two new categories.
The test URL for grayware is: https://urlfiltering.paloaltonetworks.com/test-grayware
The test URL for cryptocurrency is: https://urlfiltering.paloaltonetworks.com/test-cryptocurrency
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
3 Likes | |
2 Likes | |
1 Like | |
1 Like | |
1 Like |