This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Blocking images with EXIF data

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Blocking images with EXIF data

Go to solution
chrisdduncan
L0 Member

‎11-15-2013 10:54 AM

I have a customer that wants to block outbound images that have EXIF data (gps coordinates).  Can this be accomplished with a customer app-id doing a pattern match perhaps?

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
ymiyashita
L5 Sessionator

‎12-02-2013 11:19 PM

I guess it's not possible to do pattern match because what you'll do here is to look for EXIF tag IDs for GPS but they are less than 7 bytes.

0x8825 : GPSInfoIFDPointer

0xF4240 : GPSVersionID

etc

- Yasu

View solution in original post

0 Likes Likes
4 REPLIES 4

Go to solution
Phoenix
L4 Transporter

‎11-15-2013 11:32 AM

Hello chrisdduncan,

Yes if the customer can create a custom application after analyzing the data pattern and loading that as a signature in the custom app and block it as needed.

I have seen in file blocking profile that I do not find a file type exif. But if this can be caught as a signature then yes we can have control over it.

Thanks

0 Likes Likes

Go to solution
mikand
L6 Presenter
In response to Phoenix

‎12-01-2013 09:15 AM

Please send me a PM (or even better put it online in this thread 🙂 in case somebody has already created such IDS signature for PA. That is images containing EXIF data (or more specific containing geolocation EXIF data).

0 Likes Likes

Go to solution
mbutt
L5 Sessionator

‎12-02-2013 11:15 AM

Hi,

I would suggest to post the question in dev center community.

It is"the online community for customers, partners, and employees to share custom content including Custom App-IDs, Custom Threats, Custom Reports, XML API integration, CLI scripts, and other tools. Use the discussion threads to ask questions and receive help from other members. The current samples would be a good start. "

There might be someone already who has worked on this app. Also you can submit a request for new app. The following link explains on how you can do that

https://live.paloaltonetworks.com/docs/DOC-1879

Hope this helps.

Regards,

Numan

Go to solution
ymiyashita
L5 Sessionator

‎12-02-2013 11:19 PM

I guess it's not possible to do pattern match because what you'll do here is to look for EXIF tag IDs for GPS but they are less than 7 bytes.

0x8825 : GPSInfoIFDPointer

0xF4240 : GPSVersionID

etc

- Yasu

0 Likes Likes
  • 1 accepted solution
  • 2891 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks