Custom Vulnerability (.DMG)


Hi All,

PAN-OS 5.0.10

The following site (amongst others) hosts a malicious file that I want to block: Download Genieo. The file is a .dmg and I want it blocked to my Mac user estate. Rather than block the URL I thought I would give Custom Signatures > Vulnerability a go. I am following the document Creating_Custom_Signatures-RevA (page 43).

File name is InstallGenieo.dmg with Hex of

0000000: 789c 730d 6262 6060 883f cf30 0a46 2400  x.s.bb``.?.0.F$.
0000010: 0087 f401 c878 9ced d43b 0ac2 4010 06e0  .....x...;..@...
0000020: 8885 d7f0 0e1e 20da 888d 10f0 004b c020  ...... ......K.
0000030: 8baf

I have created a custom vulnerability Configuration like so:

Screen Shot 2014-03-06 at 15.53.53.png

and Standard Signature, And Condition (Transaction) like so:

Screen Shot 2014-03-06 at 15.55.13.png

Once pushed from Panorama to my devices I don't see it in the logs as Alerting. I'm sure I'm missing something but, this being my first attempt, I'm not sure where. Should I add it to the Vulnerability Protection under Security Profiles or something? Or am I doing this incorrectly in the first place? :)

Any hints would be great,

Thanks
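
An added example (not part of the original posts, and not Palo Alto Networks code): before bytes from a dump like the one above go into a signature pattern, it helps to check how much of them is generic container framing. The Python below parses the quoted xxd output and locates zlib stream headers (RFC 1950) in it; the function names and the benign sample are constructed for illustration.

```python
import re
import zlib

# xxd output quoted in the post above, copied verbatim.
XXD_DUMP = """\
0000000: 789c 730d 6262 6060 883f cf30 0a46 2400  x.s.bb``.?.0.F$.
0000010: 0087 f401 c878 9ced d43b 0ac2 4010 06e0  .....x...;..@...
0000020: 8885 d7f0 0e1e 20da 888d 10f0 004b c020  ...... ......K.
0000030: 8baf
"""

LINE_RE = re.compile(r"^([0-9a-fA-F]+):\s+((?:[0-9a-fA-F]{2,4} ?)+)")


def parse_xxd(dump):
    """Rebuild the bytes from xxd output, verifying each line's offset."""
    data = bytearray()
    for line in dump.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("not an xxd line: %r" % line)
        if int(m.group(1), 16) != len(data):
            raise ValueError("offset gap before: %r" % line)
        data += bytes.fromhex(m.group(2).replace(" ", ""))
    return bytes(data)


def zlib_header_offsets(data):
    """Offsets of byte pairs that form a valid zlib header (RFC 1950)."""
    return [i for i in range(len(data) - 1)
            if (data[i] & 0x0F) == 8          # CM = 8: deflate
            and (data[i] >> 4) <= 7           # CINFO: window size <= 32 KiB
            and ((data[i] << 8) | data[i + 1]) % 31 == 0]  # FCHECK


def shared_prefix_len(a, b):
    """Number of leading bytes that two byte strings have in common."""
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n


PATTERN = parse_xxd(XXD_DUMP)
# Constructed benign sample: a zlib stream unrelated to the installer.
BENIGN = zlib.compress(b"constructed benign payload")

if __name__ == "__main__":
    print("pattern bytes:", len(PATTERN))
    print("zlib headers at offsets:", zlib_header_offsets(PATTERN))
    print("prefix shared with benign stream:", shared_prefix_len(PATTERN, BENIGN))
```

A pattern anchored only on the leading two bytes would also match the benign stream, so the bytes that follow each header are the ones that distinguish this file.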

L3 Networker

Re: Custom Vulnerability (.DMG)

I am not enough of an expert to say if the definition is correct.

Nonetheless, you need the security profile in the security policy.

L5 Sessionator

Re: Custom Vulnerability (.DMG)

I think it would be best if you post the same thread in DevCenter, as developers and other expert users answer in that community.

Hope this helps you find the answer.

Thank you

Numan
