File Blocking - .exe vs .exe

L4 Transporter

File Blocking - .exe vs .exe

I was testing file blocking before implementation and .exe does not get entirely blocked. Of two different exe files, the one from Microsoft does not get blocked while the one from NirSoft gets blocked. Is there a difference in what kind of exe files get blocked?

And what about other file types, do they also behave the same?

 

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

http://www.nirsoft.net/utils/wireless_network_view.html

 

L4 Transporter

Re: File Blocking - .exe vs .exe

Anyone??

L2 Linker

Re: File Blocking - .exe vs .exe

As per your inputs, it seems the Palo Alto firewall is able to block files over a non-secured connection and blocks files from this site:

http://www.nirsoft.net/utils/wireless_network_view.html

and is not able to block files over encrypted traffic:

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

 

Are you using Outbound SSL Decryption (SSL Forward Proxy)?

If yes: in case you're using SSL Decryption, the firewall proxies outbound SSL connections by intercepting outbound SSL requests and generating a certificate on the fly for the site the user wants to visit. The validity date on the PA-generated certificate is taken from the validity date on the real server certificate, and the decrypted data can be inspected for threats, URL filtering, file blocking, or data filtering. Decrypted traffic is never sent off the device.

Fawaz El-Diasti
PCNSE 7, ACE PAN-OS 6.1, 7.0, 8.0
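
The difference discussed in this thread, as an added example (not part of the original posts and not PAN-OS code): a simplified model of content-based file-type detection, in which a PE header is visible in a cleartext HTTP response but not inside a TLS record unless a forward proxy supplies the plaintext. All function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def http_body(stream: bytes) -> bytes:
    """Body of a cleartext HTTP response (everything after the blank line)."""
    _, sep, body = stream.partition(b"\r\n\r\n")
    return body if sep else b""

def is_tls_record(stream: bytes) -> bool:
    """True if stream starts with a TLS record header (content type 20-23, version 3.x)."""
    return len(stream) >= 5 and 20 <= stream[0] <= 23 and stream[1] == 3

def verdict(stream: bytes, decrypted=None) -> str:
    """Decision an inspecting device can reach for one server-to-client stream.
    `decrypted` models the plaintext an SSL forward proxy would recover (assumption)."""
    if is_tls_record(stream):
        if decrypted is None:
            return "allow (encrypted, file type not visible)"
        stream = decrypted
    return "block (PE file)" if is_pe(http_body(stream)) else "allow (no PE found)"

def sample_pe() -> bytes:
    """Constructed minimal PE stub: DOS header, e_lfanew=0x40, 'PE\\0\\0' signature."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + bytes(20)

# Constructed cleartext download, as seen on an http:// connection.
PLAIN = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
         + sample_pe())

# Constructed TLS 1.2 application-data record; the payload is a stand-in
# for ciphertext (a hash, not real encryption), as seen on an https:// connection.
_ct = hashlib.sha256(PLAIN).digest() * 4
TLS = b"\x17\x03\x03" + struct.pack(">H", len(_ct)) + _ct

if __name__ == "__main__":
    print("http, no decryption :", verdict(PLAIN))
    print("https, no decryption:", verdict(TLS))
    print("https, forward proxy:", verdict(TLS, decrypted=PLAIN))
```
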
L4 Transporter

Re: File Blocking - .exe vs .exe

I missed the fact it was an SSL session with Microsoft. No, we don't decrypt outbound as of now.

L2 Linker

Re: File Blocking - .exe vs .exe

Yes, it’s true: if you are not using an outbound SSL decryption policy, then you will not be able to block files downloaded over an SSL connection.
Fawaz El-Diasti
PCNSE 7, ACE PAN-OS 6.1, 7.0, 8.0