Here is the FileType list with Threat-ID as of May, 2017.
*The Description for each File Type does not included on this page due to contents size limitation.
This is a useful reference document. Would it be possible to have it updated or if there a command on the appliance that can produce the same results?
The list in the above document is up to date.
You can also see the list in the Help section of the file blocking profile. This is listed in table 143 in the firewall help section.
This is indeed a useful reference document. Could table 143 be updated to include the "Threat ID" ?
Could the "Threat DB" be expanded to include these "Threat ID". It would be nice of the "Threat DB" to be updated to include the "Suspicious DNS Query" 4,090,000+ range as well.
This doesn't have CSV file. which practically doesn't have any row limit. is palo alto serious about file type blocking. we should be able to block it at least in UPLOAD direction.
FYI, this list has been updated.
@Ashishbarmase, I am sorry that CSV is not in this list.I would recommend that you contact your local SE and let them know that this should be available as a file type to block. They are able to do this with a Feature Request. As i do not have the capabilities to create a feature request.
Is this list currently correct?
I cannot block JPG, PNG, BMP on download, but can on upload?
I cannot download bmp but that is commented as 'upload only' so I would expect this.
How come .js hasn't made this list yet?
Please can we add SCF extensions to this list please?
@Tron : .js is basically a text file which could be real tricky. You could reach out to your local sales tean to have it added to a Feature Request
@Manshead_School feature requests can't be handled through the Live Community, please reach out to a local sales team to have it added to a Feature Request
I have found out that image files cannot be blocked by design.
Graphics and text files (jpg, gif, txt) are basic elements in web pages, and blocking these would effectively block entire websites.They are too common in download and hence the signatures for these have been disabled long back.The file types png, jpeg, gif will be downloaded even though a profile is created to block the download of the same.The upload will be blocked. This is by design.If you feel this should be supported then you can email your Local PAN SE and ask them to raise a Feature Request.
It seems like encrypted docx from Office 2010, 2013 and 2016 are going into id 52033.
Is it possible to have a dedicated id for those kind of encrypted documents like you have with 2007 versions?
In the above table, when the File Type (eg. gzip) have the File Type Direction as Download, does that mean we cannot have it inspected on Upload or Both directions?
if a direction is indicated it means the filetype can only be intercepted in that direction (eg. 'download' signatures are only triggered when the file is transmitted from server to client)
Thank you for the great information. Very helpful to our customers!
Do you have an updated version, including any any details for 8.0 and later with the unique DI change?
This article has been very helpful. However, I have a few questions.
1) Why are several ID numbers marked as N/A? Were they valid signatures in the past that have been deprecated?
2) The following file types on the list above but are not available in PANOS 8.0 file blocking profiles. Why is this?
3) The following file types are available in the PANOS 8.0 file blocking profiles but are not in the list above. Why is this?
What about .com files? "EICAR.com" ?