Unknown File Types

L4 Transporter

Unknown File Types

Hi all,

We would like to block, or be alerted, when the file types .edrw and .easm (eDrawing) pass through the PA. Currently nothing is shown in the Monitoring Data Filtering.

Any idea how to get PAN to update file types in security profiles? Can I somehow report it to PAN?

L7 Applicator

Re: Unknown File Types

Hi

To have these file types added to the file blocking known file types, you can reach out to your Palo Alto Networks SE to have them added in a feature request for our engineering and product management team to consider.

In the meantime, you could go ahead and build a custom signature to match attributes common to these types of files (like any strings that would appear in the file) and have them blocked by means of threat prevention.

This doc should be helpful: Creating Custom Threat Signatures

regards

Tom


Help the community: Like helpful comments and mark solutions
Reaper out
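The reply above suggests matching strings that are common to the file type. As an added example (not part of the original thread and not Palo Alto Networks tooling), this Python helper compares known-good samples of a file type and lists the byte strings they all share, dropping any that also occur in unrelated files. The function name, the sample bytes (constructed placeholders, not the real eDrawings format) and the 7-byte default minimum are assumptions.

```python
def common_byte_strings(samples, negatives=(), min_len=7):
    """Maximal byte strings (>= min_len) found in every sample and in no negative.

    min_len=7 is an assumption; set it to the minimum fixed-pattern length
    documented for your signature engine.
    """
    if len(samples) < 2:
        raise ValueError("need at least two samples to compare")
    ref = min(samples, key=len)      # a common string cannot exceed the shortest sample
    others = [s for s in samples if s is not ref]

    def in_all(chunk):
        return all(chunk in o for o in others)

    found, covered_to = [], 0
    for start in range(len(ref) - min_len + 1):
        end = start + min_len
        if not in_all(ref[start:end]):
            continue
        while end < len(ref) and in_all(ref[start:end + 1]):
            end += 1                 # grow while every sample still contains it
        if end <= covered_to:
            continue                 # only a suffix of a string already reported
        covered_to = end
        chunk = ref[start:end]
        # Strings that also occur in unrelated files (padding runs, generic
        # container headers) would cause false positives, so drop them.
        if not any(chunk in n for n in negatives):
            found.append(chunk)
    return found


# Constructed sample data: placeholder bytes, NOT the real eDrawings format.
HEADER = b"EXMPL-DRAWING\x00v1"
TRAILER = b"</ExampleModel>"
SAMPLE_A = HEADER + b"\x10\x22\x33 part A geometry " + b"\x00" * 12 + TRAILER
SAMPLE_B = HEADER + b"\x99\x88 other content B" + b"\x00" * 12 + b"zz" + TRAILER
UNRELATED = b"PK\x03\x04 some archive" + b"\x00" * 12 + b" data"

if __name__ == "__main__":
    for pattern in common_byte_strings([SAMPLE_A, SAMPLE_B], negatives=[UNRELATED]):
        print(len(pattern), pattern)
```

Run it over several real files of the type you want to detect, with a handful of unrelated files as negatives, and review the surviving strings before using any of them as signature patterns.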
L4 Transporter

Re: Unknown File Types

Hi,

This means, if we transfer 'PA unknown' file types, we will never be able to log and recognize them? ...sad.

L4 Transporter

Re: Unknown File Types

You can log and recognize it if you create a custom threat signature.

I don't believe the PA identifies files solely based on the file extension.

L4 Transporter

Re: Unknown File Types

I have so many policies, zones, etc. For example, the internet has so many custom signatures. So how do I have to detect them?

Also, I would like to see all data traffic in the Data Filtering Monitoring tab...

BTW: Could someone help me to create the custom signature for both file types mentioned in the first post?

L4 Transporter

Re: Unknown File Types

Hi,

I created a custom signature, but I cannot define client2server or server2client. I would like to block only uploads, but the PA is blocking both... Could you please take a look?

2014-08-12_13-02-54.jpg

2014-08-12_13-15-27.jpg

Both patterns (NOT just one of them) of this file type should match:

2014-08-12_13-14-51.jpg

Our profile (add the custom object as exception):

2014-08-12_13-15-40.jpg

2014-08-12_13-15-48.jpg

Thx in advance!
