Block a digital signer?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block a digital signer?

L1 Bithead

Does anyone know if there is a way to block a digital signer? Or does anyone have any better ideas for blocking Wave Browser without blocking all of their ever-changing thousands of hashes?

4 REPLIES 4

L4 Transporter

Hi Enewman,

typically the signer block list is maintained by PANW team and it is distributed via content updates. 

The way to block a process by the customers is to block the hash as you have done. The hash will be checked before the WF verdict so it will prevail before WF check. 
An indirect way to create a signer block is the following: 

You create a custom BIOC for this signer and then you push it on to a restriction profile.  

This way the process will execute but inmediately the behavioural threat protection will kick in and block & kill the process

I hope this helps, like it please if it was useful

Have Fun with it, 

Luis 

L3 Networker

its funny your brining this up, I have seen tons of activity on this as well this week. I ended up blocking the hash but I am sure that will change at some point. 

L2 Linker

Same, just added a new BIOC to take care of it. 

L2 Linker

Hello @eumbach would you possibly share what your BIOC looked like.  Looking for tips, not had much experience in creating.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!