Blocking images with EXIF data


L0 Member

I have a customer that wants to block outbound images that have EXIF data (GPS coordinates). Can this be accomplished with a custom app-id doing a pattern match perhaps?


Accepted Solutions

L5 Sessionator

I guess it's not possible to do pattern match because what you'll do here is to look for EXIF tag IDs for GPS but they are less than 7 bytes.

0x8825 : GPSInfoIFDPointer

0xF4240 : GPSVersionID

etc

- Yasu


4 REPLIES

L4 Transporter

Hello chrisdduncan,

Yes, if the customer can create a custom application after analyzing the data pattern, load that as a signature in the custom app, and block it as needed.

I have seen in the file blocking profile that I do not find a file type exif. But if this can be caught as a signature, then yes, we can have control over it.

Thanks

Please send me a PM (or even better, put it online in this thread 🙂) in case somebody has already created such an IDS signature for PA. That is, images containing EXIF data (or, more specifically, containing geolocation EXIF data).

L5 Sessionator

Hi,

I would suggest posting the question in the dev center community.

It is "the online community for customers, partners, and employees to share custom content including Custom App-IDs, Custom Threats, Custom Reports, XML API integration, CLI scripts, and other tools. Use the discussion threads to ask questions and receive help from other members. The current samples would be a good start."

There might be someone who has already worked on this app. You can also submit a request for a new app. The following link explains how you can do that:

https://live.paloaltonetworks.com/docs/DOC-1879

Hope this helps.

Regards,

Numan

