Custom Vulnerability (.DMG)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Custom Vulnerability (.DMG)

Not applicable

Hi All,

PanOSS 5.0.10

The following site (amongst others) hosts a malicious file that I want to block: Download Genieo. The file is a .dmg and I want it blocked to my Mac user estate. Rather than block the URL I thought I would give Custom Signatures > Vulnerability a go. I am following the document Creating_Custom_Signatures-RevA (page 43).

File name is InstallGenieo.dmg with Hex of

0000000: 789c 730d 6262 6060 883f cf30 0a46 2400  x.s.bb``.?.0.F$.

0000010: 0087 f401 c878 9ced d43b 0ac2 4010 06e0  .....x...;..@...

0000020: 8885 d7f0 0e1e 20da 888d 10f0 004b c020  ...... ......K.

0000030: 8baf

I have created a custom vulnerability Configuration like so:

Screen Shot 2014-03-06 at 15.53.53.png

and Standard Signature, And Condition (Transaction) like so:

Screen Shot 2014-03-06 at 15.55.13.png

Once pushed from Panorama to my devices I don't see it in the logs as Alerting. I'm sure I'm missing something but being my first attempt, I'm not sure where. Should I add it to the Vulnerability Protection under Security Profiles or something..? Or am I doing this incorrectly in the first place...?:)

Any hints would be great,

Thanks

2 REPLIES 2

L3 Networker

I am not an expert to say if the definition is correct.

Nonetheless you need the security profile in the security policy.

L5 Sessionator

I think it would be best if you post the same thread in DevCenter as developer and other users expert in this answer on that community.

Hope this helps you find the answer.

Thank you

Numan

  • 3228 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!