Anyone Blocked a specific file from being downloaded?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Anyone Blocked a specific file from being downloaded?

L3 Networker

Hello All,

   I am wondering if there is a way to block a specific file from any internet source.  We would like to block users from grabbing a specific unsupported browser. (when you have 85k+ workstations - you need to keep them uniform for supportability Smiley Wink)

   I am looking at the File Blocking option and it doesn't seem to allow for specification of the filename ...

  Any ideas?

Thanks

Art

7 REPLIES 7

L6 Presenter

Hi Art... There is no way to block file based on Name ... It can be blocked by type.

L7 Applicator

Hi,

Could you please check with Data Filtering Profiles. We can create a custom data-filtering profile as mentioned below.

Objects > Security Profiles > Data Filtering

Custom Patterns—To match a custom data pattern for the traffic that is subject to this profile, create a custom data pattern by clicking Add and specifying the pattern name, regular expression (regex) to match, and weight (0-255, 255 is highest weight). You can add multiple match expressions to the same data pattern profile.

Hope it will help you.

Thanks

Subhankar

L5 Sessionator

Hi Art,

If you have a particular URL's where it can be downloaded from then you can block them based on custom URL.

Hope this helps

Thanks

Hi Subhankar,

   Good Idea... I will explore this idea.

   One of our Team found this KB article:

https://live.paloaltonetworks.com/docs/DOC-3375

I have been exploring this - it looks really solid... so need to figure out how to test it and go from there.

thanks for the help!

Art

Hi,
   This is what we thought of first ... but realized (via a Bing search) the file is available from hundreds of sources... so not going to work for us.

Thanks

Art

L4 Transporter

You also might want to look into creating a custom AppID (Application signature), The following doc shows how to create one:

https://live.paloaltonetworks.com/docs/DOC-2015

It is just a matter of finding what is in the GET http uri header and creating a signature based on that. If it is a browser, it should use the same name for the exe or zip file so it should be straight forward. I have created a couple and they work well.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

L4 Transporter

Art,

The Knowledge base article is correct.  We are creating custom vulnerability signatures to prevent the downloading of specific file names. Such as Bad-Filename.zip or Bad-Filename.exe  The signatures are based on http-uri path and file name so the server hosting name or location on the internet is irrelevant.  This has been successful for us and we also use it to block the downloading of tool-bars and other unwanted software.  There are some precautions (filename or uri path/filename  should be unique to avoid false blocking) signature also needs to be minimum of 7 characters.

Phil

  • 5245 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!