Issues Creating Custom App

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Issues Creating Custom App

L2 Linker

In order to allow Updates to OneDrive im trying to create a custom application. (since I'm blocking PE) as it is detected as web-browsing. It does not detect that ms one drive premade application. 

 

I created a custom signature with the Client hello sni (oneclient.sfx.ms), as I found that from the packet capture. My issue is that it works for some of the traffic but other traffic it is not recognizing the app as OneDrive. 

 

What could be going wrong?

6 REPLIES 6

Cyber Elite
Cyber Elite

If you go to Monitor > Data Filtering and get destination IP where file download was attempted from and then go to Monitor > URL Filtering and use the same destination IP as filter what URL do you see in logs?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

I see oneclient.sfx.ms/

L2 Linker

Any more insights into this?

Cyber Elite
Cyber Elite

Add new URL category 

Objects > Custom Objects > URL Category

 

add 2 entries

*.oneclient.sfx.ms/

oneclient.sfx.ms/

 

Create security policy above default outgoing policy to permit traffic to newly created URL category and assign file blocking profile to the rule that does not block download of executable files.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

That still is not working and its only for some users. 

Cyber Elite
Cyber Elite

You can add those specific users into "Source User" field to permit rule for those users only.

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 4301 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!