Can PA block Web shell or shell script?

cancel
Showing results for 
Search instead for 
Did you mean: 

Can PA block Web shell or shell script?

Not applicable

Hello, guys~

One of my customer want to know whether the Pan block web shell or shell script. In my opinion, there's no ips which can block those attacks 100%.

Threat prevention of the PA is signature base also, which means if it detects well-known web shell, it might block it. If not, it can't.

It's sure that web shell is based on web server application vulnerability or miss configuration. So the basic method to block those attack is secure cording or secure configuration of the web server.

But I need to tell the customer the exact information about PA's function.

Please don't mention custom signature, there's not so much customer who can make custom signature :smileygrin:

Thank you very much.

1 REPLY 1

Community Team Member

Palo Alto Networks can help protect a great many things. We can block file types, viruses, threats, vulnerability etc.

If the shell script that is being executed is part of a known threat/vulnerability, then we should be able to detect that and stop it (if configured to do so).

Otherwise we do not block shell scripts. Unless you want to create a regex (Regular Expression) and create a custom signature.. I am sorry, you told me not to say that.

For the record, here are instructions on creating Custom Signatures:

Creating Custom Threat Signatures

Does that help answer your question?

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!