cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Block Hashes

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Joshan_Lakhani
L4 Transporter
‎03-28-2020 10:33 PM
‎03-28-2020 10:33 PM

Block Hashes

how to block hashes in firewall . 

1 person had this problem.
0 Likes
Reply
Highlighted
SutareMayur
L6 Presenter
‎03-28-2020 11:58 PM
‎03-28-2020 11:58 PM

@Joshan_Lakhani,

 

Currently it is not possible to block hashes in Palo Alto Firewall.

 

Mayur



Mayur
0 Likes
Reply
Highlighted
Joshan_Lakhani
L4 Transporter
‎03-29-2020 03:54 AM
‎03-29-2020 03:54 AM

Can we block file hashes in paloalto

 

0 Likes
Reply
Highlighted
Joshan_Lakhani
L4 Transporter
‎03-29-2020 04:27 AM
‎03-29-2020 04:27 AM

For reference file is pasted below .

 

filename

md5

sha1

sha256

ssdeep

note

CuscalApplication.exe

01d397df2a1cf1d4c8e3615b7064856c

43a7858a0564c500e7f248762353f5b1ec3f3ef8

d928b1c1096e636463afbd19f40a6b325e159196b4497895748c31535ea503dc

3072:Ub9gBv06BB7AIiTYhs5UCe0lvtvxQGsRrDhuO7GXFeD1nylc/Bx4:Ubi+6LAIJhs551xFsF5S1eUYO

Lazarus/FASTCash malware, fraudulent job application campaign

0 Likes
Reply
Highlighted
SutareMayur
L6 Presenter
‎03-29-2020 05:21 AM
‎03-29-2020 05:21 AM

@Joshan_Lakhani,

 

Unfortunately, right now there no option to block file hashes in Palo Alto. You can try by creating Custom Signature for your use case.

 

Mayur



Mayur
0 Likes
Reply
Highlighted
Joshan_Lakhani
L4 Transporter
‎03-29-2020 05:23 AM
‎03-29-2020 05:23 AM

thanks for you reply

 

Is any document for Customer  signature to block this hash

0 Likes
Reply
Highlighted
SutareMayur
L6 Presenter
‎03-29-2020 06:15 AM
‎03-29-2020 06:15 AM

@Joshan_Lakhani,

 

Actually it is not possible to create custom Signature in PA based on file hash value. But yes there are options custom signatures based on file types patterns. Please refer below articles.

 

https://live.paloaltonetworks.com/t5/Custom-Signatures/Detecting-a-specific-Linux-binary-ELF-file-us...

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOFCA0

 

Hope it helps you!

 

Mayur



Mayur
0 Likes
Reply
Highlighted
OtakarKlier
Cyber Elite
Cyber Elite
‎03-30-2020 10:07 AM
‎03-30-2020 10:07 AM

Hello,

Take a look at a program that blocks on these features. Maybe block it with your AV or some other app whitelisting application such as bit9.

 

Regards,

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks