Unable to negate Signature pattern-match. Why Custom Vulnerability has Negate option but Apps NOT?

I created custom app for ldaps tcp/636 based on signature (ssl-rsp-certificate) which contains text from certificate

This caused https - tcp/443 (ssl based) traffic to match this new custom app.
After some investigation I realised that https context ss

Blocking web content with custom data patterns

Hi all,

I'm trying to use custom data patterns to block all content related to the 'Momo' hoax.  I'm having issues getting around the fact that 'momo' is smaller than 7 bytes.

Do you have any recommendations on how to use an anchor 7 bytes or longer

Office XML with Macros

This is a custom vulnerability signature I created based on what I was seeing come through to our users.  Usually, the malicious Office files with macros were in either the binary Office 2003 format or the newer Office 2007+ format.  What I was seein

Custom Antivirus Signatures

Is it possible to create custom antivirus signatures?

Goal is to block files with certain hashes. The original file is not available, only the hash.

Is there any way to submit hashes to PANW so that they create signatures? (Something similar like for U

Webmail Control via URL

Can paloalto control the sending of web mail?

i want to make it impossible to send out from the webmail.

There is a service called Naver that provides web mail like Google.

for example,

The URL for sending is as follows.

mail.naver.com/n=111113333&v=f#%

Custom signature not working as expected

Hi Guys

I have the follwoing issue:

I have a policy rule where I allow  smtp flow! On this rule I have a vulnerability protection profile. In this pofile I have 2 rules:

- one rule which is supposed to allow emails with bb.com in the subject

-the second

Identifying Mobile no - Data Pattern

Dear All,

Please find bellow our requirement:

1) We would like to restrict document going out from their network which has more than 5 mobile numbers.

Thus would require a regex of mobile no to be configured in Data Pattern.

We configure regex  -

((.*09

Application with Custom Signature & Layer 7 Processing

Hello All,

I have a PaloAlto PA-500 firewall on which I created my custom application based on custom signature. During the custom application creation on the Characterestics section I checked the "Continue scanning for other application" flag (refer

custom signature to reset php pages

Hi,

I have only CFM pages so I want to reset/block all traffic about PHP extension in my pages.

How can I implement this?

Greetings

To customize app-id or no

Hi

Newish user to PA's 1 year now I think.

I came from cisco - ip / port acl's

I am trying to move to app-id nicer easier policies.

So for office traffic I use app-id 

for my prod platform I use applicaiton overide to custom applications, so that I can

How to customize a special Cross-Site Scripting blocking signature?

How to customize a special Cross-Site Scripting blocking signature?

Cross-Site Scripting:

http://xxx.xxx.xxx/search~S5*cht/?searchtype=X&searcharg=1234&searchscope=5&sortdropdown=-&SORT=DZ&extended=0&SUBMIT=%E6%9F%A5%E8%A9%A2&searchlimits=%22%20oNmOuS

custom option for Email alert notification

Hi 

we have a PA 220 firewall configured with multiple ISP's, how to get an email alert if any ISP link up or down is it possible to configure 

Custom signature for IMAP

Hey there!

I need to create a custom application based on the LOGIN string sent to an IMAP server (Office 365) via port 993 (TLS/SSL encrypted) to differentiate it from other O365 traffic. Tech_Note-Creating_Custom_Signatures-RevE.pdf I should be abl