FileType list with the Threat-ID number

Printer Friendly Page

Here is the FileType list with Threat-ID as of May, 2017.

*The Description for each File Type does not included on this page due to contents size limitation.

 

ID Name File Type Name Min Version Scope File Type Direction
52000  Microsoft PowerPoint  ppt  1.0.1  session  both
52001  Microsoft Word DOC File  doc  1.0.1  session  both
52002  Microsoft Excel XLS File  xls  1.0.1  session  both
52003  Microsoft Cabinet (CAB)  cab  1.0.1  protocol-data-unit  both
52004  ZIP  zip  1.0.1  protocol-data-unit  both
52005  TAR  tar  1.0.1  protocol-data-unit  both
52006  HTA (HTML Application)  hta  1.0.1  session  both
52007  Windows Program Information File (PIF)  pif  1.0.1  protocol-data-unit  both
52008  Windows Registry (REG)  reg  1.0.1  protocol-data-unit  both
52009  Windows Batch (BAT)  bat  1.0.1  session  both
52010  Windows Script (WSF)  wsf  1.0.1  session  both
52011  Microsoft PowerPoint PPT File  ppt  1.0.1  protocol-data-unit  both
52012  Microsoft Word DOC File  doc  1.0.1  protocol-data-unit  both
52013  Microsoft Excel XLS File  xls 5.0.0  protocol-data-unit  both
52014  GZIP  gzip  1.0.1  protocol-data-unit  both
52015  RAR  rar  1.0.1  protocol-data-unit  both
52016  Z Compressed  zcompressed  1.0.1  protocol-data-unit  both
52017  Perl Script  pl  1.0.1  protocol-data-unit  both
52018  Shell Script  sh  1.0.1  protocol-data-unit  both
52019  Windows Dynamic Link Library (DLL)  dll  1.0.1  protocol-data-unit  both
52020  Windows Executable (EXE)  exe  1.0.1  protocol-data-unit  both
52021  Adobe Portable Document Format (PDF)  pdf  1.0.1  protocol-data-unit  both
52022  Microsoft Word 2007 DOCX File  docx  1.0.1  protocol-data-unit  both
52023  Microsoft PowerPoint 2007 PPTX File  pptx  1.0.1  protocol-data-unit  both
52024  Microsoft Excel 2007 XLSX File  xlsx  1.0.1  protocol-data-unit  both
52025  Pretty Good Privacy Format (PGP)  pgp  1.0.1  protocol-data-unit  both
52026  Encrypted ZIP  encrypted-zip  1.0.1  protocol-data-unit  both
52027  GZIP  gzip  1.0.1  protocol-data-unit  download
52028  Microsoft Excel Encrypted XLS File  encrypted-xls  1.0.1  protocol-data-unit  both
52029  Plan Text File  txt  1.0.1  session  download
52030  TIF File  tif  1.0.1  protocol-data-unit  both
52031  MDB File  mdb  1.0.1  protocol-data-unit  both
52032  CSV File  csv  1.0.1  session  download
52033  Microsoft MSOFFICE  msoffice  1.0.1  protocol-data-unit  both
52034  Encrypted RAR File  encrypted-rar  1.0.1  protocol-data-unit  both
52035  Encrypted PGP File  pgp  1.0.1  protocol-data-unit  both
52036  MDI File  mdi  1.0.1  protocol-data-unit  both
52037  PXE File  pxe  1.0.1  protocol-data-unit  both
52038  Microsoft Word Encrypted DOC File  encrypted-doc  1.0.1  protocol-data-unit  both
52039  Microsoft Encrypted PowerPoint File  encrypted-ppt  1.0.1  protocol-data-unit  both
52040  Windows Batch (BAT)  bat  5.0.0  session  download
52041  Activex File  ocx  1.0.1  session  both
52042  Activex CAB File  ocx 2.0.0  protocol-data-unit  download
52043  WRI File  wri  2.1.0.8  protocol-data-unit  both
52044  RTF File  rtf  1.0.1  protocol-data-unit  both
52045  MPEG File  mpeg  2.1.0.8  protocol-data-unit  both
52046  WMV File  wmv  1.0.1  protocol-data-unit  both
52047  FLV File  flv  1.0.1  protocol-data-unit  both
52048  AVI File  avi  1.0.1  protocol-data-unit  both
52049  Quicktime MOV File  mov  1.0.1  protocol-data-unit  both
52050  Download All Files Except TXT HTML and pictures  all  1.0.1  protocol-data-unit  download
52051  All File Upload  all  1.0.1  protocol-data-unit  upload
52052  All File Download  all  1.0.1  protocol-data-unit  download
52053  PCL File  pcl  1.0.1  protocol-data-unit  both
52054  MP3 File  mp3 3.1.0  session  both
52055  PBM File  pbm  2.1.0.8  protocol-data-unit  both
52056  PSD File  psd  2.1.0.8  protocol-data-unit  both
52057  SGI File  sgi  2.1.0.8  protocol-data-unit  both
52058  Softimage PIC File  softimg  2.1.0.8  protocol-data-unit  both
52059  XPM File  xpm  1.0.1  protocol-data-unit  both
52060  Microsoft PE File  PE  1.0.1  protocol-data-unit  both
52061  AI File  ai  1.0.1  protocol-data-unit  both
52062  SVG File  svg  1.0.1  protocol-data-unit  both
52063  SHK File  shk  1.0.1  protocol-data-unit  both
52064  Maya MB File  mb  2.1.0.8  protocol-data-unit  both
52065  Maya ASCII File  ma  1.0.1  protocol-data-unit  both
52066  DPX File  dpx  2.1.0.8  protocol-data-unit  both
52067  CIN File  cin  2.1.0.8  protocol-data-unit  both
52068  EXR File  exr  1.0.1  protocol-data-unit  both
52069  RLA File  rla  2.1.0.8  protocol-data-unit  both
52070  RPF File  rpf  2.1.0.8  protocol-data-unit  both
52071  GIF File  gif  1.0.1  protocol-data-unit  both
52072  JPEG File  jpeg  1.0.1  protocol-data-unit  both
52073  PNG File  png  1.0.1  protocol-data-unit  both
52074  BMP File  bmp  1.0.1  protocol-data-unit  both
52075  IFF File  iff  2.1.0.8  protocol-data-unit  both
52076  WMF File  wmf  1.0.1  protocol-data-unit  both
52077  EMF File  emf  1.0.1  protocol-data-unit  both
52078  EPS File  eps  1.0.1  protocol-data-unit  both
52079  DXF File  dxf  1.0.1  protocol-data-unit  both
52080  MIF File  mif  1.0.1  protocol-data-unit  both
52081  Unknown File  unknown  3.0.0  protocol-data-unit  both
52082  Microsoft Word 2007 IRM Encrypted DOCX File  encrypted-docx  1.0.1  protocol-data-unit  both
52083  Microsoft Excel 2007 IRM Encrypted XLSX File  encrypted-xlsx  1.0.1  protocol-data-unit  both
52084  Microsoft PowerPoint 2007 IRM Encrypted PPTX File  encrypted-pptx  1.0.1  protocol-data-unit  both
52085  Microsoft Word 2007 Encrypted DOCX File  encrypted-docx  1.0.1  protocol-data-unit  both
52086  Encrypted Microsoft Office 2007 File  encrypted-office2007  1.0.1  protocol-data-unit  both
52087  Encrypted Microsoft Office 2007 File  encrypted-office2007  1.0.1  protocol-data-unit  both
52088  ISO File  iso  2.1.0.8  protocol-data-unit  both
52089  MSI File  msi 1.0.0  protocol-data-unit  both
52090  Torrent File  torrent 1.0.0  protocol-data-unit  both
52091  N/A        
52092  CMD Windows Script File  cmd 1.0.0  session  both
52093  LZH File  lzh 1.0.0  protocol-data-unit  both
52094  LNK File  lnk  2.1.0.8  protocol-data-unit  both
52095  DWG File Detected  dwg  2.1.0.8  protocol-data-unit  both
52096  GIF File Upload  gif-upload  2.1.0.8  protocol-data-unit  upload
52097  JPEG File Upload  jpeg-upload  2.1.0.8  protocol-data-unit  upload
52098  BMP File Upload  bmp-upload  2.1.0.8  protocol-data-unit  upload
52099  RealMedia File  rm  2.1.0.8  protocol-data-unit  both
52100  PNG File Upload  png-upload 3.1.0  protocol-data-unit  upload
52101  Mac Application Tar Detected  macapp 3.1.0  protocol-data-unit  both
52102  Mac Application Zip Detected  macapp 3.1.0  protocol-data-unit  both
52103  Mac MPKG Detected  mpkg 3.1.0  protocol-data-unit  both
52104  MP4 Detected  mp4 3.1.0  protocol-data-unit  both
52105  MKV Detected  mkv 3.1.0  protocol-data-unit  both
52106  AVI DIVX Video Detected  avi-divx 3.1.0  protocol-data-unit  both
52107  AVI XVID Video Detected  avi-xvid 3.1.0  protocol-data-unit  both
52108  Android Package File Detected  apk 3.1.0  protocol-data-unit  both
52109  Graphic Data System File Detected  gds 3.1.0  protocol-data-unit  both
52110  Tanner Database File  tdb 3.1.0  protocol-data-unit  both
52111  OrCAD DSN File  dsn 3.1.0  protocol-data-unit  both
52112  EDIF File  edif 3.1.0  protocol-data-unit  both
52113  EDIF File  edif 3.1.0  protocol-data-unit  both
52114  VBScript Encoded File  vbe 5.0.0  session  both
52115  ISO File  iso 3.1.0  protocol-data-unit  both
52116  JAR File  jar 3.1.0  protocol-data-unit  both
52117  Java Class File  class 3.1.0  protocol-data-unit  both
52118  Apple iWork Pages File  iwork-pages 3.1.0  protocol-data-unit  both
52119  Apple iWork Numbers File  iwork-numbers 3.1.0  protocol-data-unit  both
52120  Apple iWork Keynote File  iwork-keynote 3.1.0  protocol-data-unit  both
52121  CorelDRAW File  cdr 4.0.0  protocol-data-unit  both
52122  Design Web Format File  dwf 4.0.0  protocol-data-unit  both
52123  CAD STEP File  stp 3.1.0  protocol-data-unit  both
52124  CAD STEP File  stp 3.1.0  protocol-data-unit  both
52125  N/A        
52126  N/A        
52127  N/A        
52128  Windows BAT  bat 4.0.0  session  both
52129  Windows Script  wsf 3.1.0  protocol-data-unit  both
52130  Encrypted PDF  encrypted-pdf 3.1.0  protocol-data-unit  both
52131  HTML Application  hta 4.0.0  session  both
52132  Android Package File Detected  apk 5.0.0  protocol-data-unit  both
52133  CMD Windows Script File  cmd 5.0.0  session  both
52134  N/A        
52135  Android Package File Detected  apk 3.1.0  protocol-data-unit  both
52136  JPEG File Upload  jpeg-upload 3.1.0  protocol-data-unit  upload
52137  PNG File Upload  png-upload 3.1.0  protocol-data-unit  upload
52138  BMP File Upload  bmp-upload 3.1.0  protocol-data-unit  upload
52139  GIF File Upload  gif-upload 3.1.0  protocol-data-unit  upload
52140  Microsoft Word 2007 DOCX File  docx 3.1.0  protocol-data-unit  both
52141  Microsoft Excel 2007 XLSX File  xlsx 3.1.0  protocol-data-unit  both
52142  Microsoft PowerPoint 2007 PPTX File  pptx 3.1.0  protocol-data-unit  both
52143  Email Link  Email-link  6.1.0  protocol-data-unit  both
52144  Windows Screen Saver SCR File  scr 5.0.0  session  both
52145  Adobe Shockwave Flash File  flash 4.0.0  protocol-data-unit  both
52146  N/A        
52147  N/A        
52148  Windows Help File  hlp 3.1.0  protocol-data-unit  both
52149  Multi-Level Encoding  Multi-Level-Encoding 7.0.0  protocol-data-unit  both
52150  Catpart  catpart 3.1.0  protocol-data-unit  both
52151  DMG File Detected  dmg 5.0.0  protocol-data-unit  both
52152  PKG File Detected  pkg 3.1.0  protocol-data-unit  both
52153  MACH-O File Detected  mach-o 5.0.0  protocol-data-unit  both
52154  MacOSX Universal Binaries File Detected  mach-ub 3.1.0  protocol-data-unit  both
52155  MacOSX APP File Detected  macapp 5.0.0  protocol-data-unit  both
52156  JustSystems Ichitaro Document  ichitaro 3.1.0  protocol-data-unit  both
52157  ARJ File Detected  arj 3.1.0  protocol-data-unit  both
52158  7z File Detected  7z 3.1.0  protocol-data-unit  both
52159  CPL File  cpl 3.1.0  protocol-data-unit  both
52160  CHM File  chm 7.0.0  protocol-data-unit  both
52161  REUSE  msoffice 3.1.0  protocol-data-unit  both
52162  PKG File  pkg 7.0.0  protocol-data-unit  both
52163  Microsoft Word XML File  doc 5.0.0  protocol-data-unit  both
52164  Microsoft Excel XML File  xls 5.0.0  protocol-data-unit  both
52165  Microsoft Word Open XML File  docx 5.0.0  protocol-data-unit  both
52166  PY File  PY 5.0.0  protocol-data-unit  both
52168  MIME HTML File  mht 5.0.0  protocol-data-unit  both
52169  TAR  tar 5.0.0  protocol-data-unit  both
52170  MP3 Detected  mp3 5.0.0  protocol-data-unit  both
52171  Microsoft Word 2007 DOTM File  dotm 5.0.0  protocol-data-unit  both
52172  Windows Script  wsf 5.0.0  protocol-data-unit  both
52173  Deflate64 Compressed ZIP  deflate64-zip 5.0.0  protocol-data-unit  both
52174  ACE File  ace 5.0.0  protocol-data-unit  both
52175  ELF File  elf 5.0.0  protocol-data-unit  both
52177  WEBM File  webm 5.0.0  protocol-data-unit  both
52178  MPEG-TS File  mpeg-ts 5.0.0  protocol-data-unit  both
52179  7ZIP File  7zip 5.0.0  protocol-data-unit  both

 

Comments

Hello,

This is a useful reference document.  Would it be possible to have it updated or if there a command on the appliance that can produce the same results?

Phil

Hello Phil

The list in the above document is up to date.

You can also see the list in the Help section of the file blocking profile. This is listed in table 143 in the firewall help section.

Regards

Khan

Hello,

This is indeed a useful reference document. Could table 143 be updated to include the "Threat ID" ?

Could the "Threat DB" be expanded to include these "Threat ID". It would be nice of the "Threat DB" to be updated to include the "Suspicious DNS Query" 4,090,000+ range as well.

Thanks.

This doesn't have CSV file. which practically doesn't have any row limit. is palo alto serious about file type blocking. we should be able to block it at least in UPLOAD direction.

FYI, this list has been updated.

 

@Ashishbarmase, I am sorry that CSV is not in this list.
I would recommend that you contact your local SE and let them know that this should be available as a file type to block. They are able to do this with a Feature Request. As i do not have the capabilities to create a feature request.

Is this list currently correct?

 

I cannot block JPG, PNG, BMP on download, but can on upload?

 

I cannot download bmp but that is commented as 'upload only' so I would expect this.

 

Regards,

 

Davyboy

 

 

 

 

 

How come .js hasn't made this list yet?

Hi,

 

Please can we add SCF extensions to this list please? 

 

https://www.theregister.co.uk/2017/05/17/chrome_on_windows_has_credential_theft_bug/

 

Thanks,

 

Ant

 

 

@Tron : .js is basically a text file which could be real tricky. You could reach out to your local sales tean to have it added to a Feature Request

@Manshead_School feature requests can't be handled through the Live Community, please reach out to a local sales team to have it added to a Feature Request

I have found out that image files cannot be blocked by design.

 

Graphics and text files (jpg, gif, txt) are basic elements in web pages, and blocking these would effectively block entire websites.They are too common in download and hence the signatures for these have been disabled long back.

The file types png, jpeg, gif will be downloaded even though a profile is created to block the download of the same.The upload will be blocked. This is by design.

If you feel this should be supported then you can email your Local PAN SE and ask them to raise a Feature Request.

 

Davyboy.

 

 

Hi,

It seems like encrypted docx from Office 2010, 2013 and 2016 are going into id 52033.

 

Is it possible to have a dedicated id for those kind of encrypted documents like you have with 2007 versions?

 

- Kim

In the above table, when the File Type (eg. gzip) have the File Type Direction as Download, does that mean we cannot have it inspected on Upload or Both directions?

 

 

if a direction is indicated it means the filetype can only be intercepted in that direction (eg. 'download' signatures are only triggered when the file is transmitted from server to client)

Thank you for the great information.  Very helpful to our customers!

 

Do you have an updated version, including any any details for 8.0 and later with the unique DI change?

 

This article has been very helpful. However, I have a few questions.

 

1) Why are several ID numbers marked as N/A? Were they valid signatures in the past that have been deprecated?

 

2) The following file types on the list above but are not available in PANOS 8.0 file blocking profiles. Why is this?

  • 7zip
  • csv
  • dotm
  • Email-link
  • mht
  • pxe
  • PY
  • txt
  • unknown

 

3) The following file types are available in the PANOS 8.0 file blocking profiles but are not in the list above. Why is this?

  • encrypted-7z
  • hwp
  • split-cab
  • split-rar

Hi

What about .com files?  "EICAR.com" ?