This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Custom Vulnerability (.DMG)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Custom Vulnerability (.DMG)

nickcx1
Not applicable

‎03-06-2014 07:58 AM

Hi All,

PanOSS 5.0.10

The following site (amongst others) hosts a malicious file that I want to block: Download Genieo. The file is a .dmg and I want it blocked to my Mac user estate. Rather than block the URL I thought I would give Custom Signatures > Vulnerability a go. I am following the document Creating_Custom_Signatures-RevA (page 43).

File name is InstallGenieo.dmg with Hex of

0000000: 789c 730d 6262 6060 883f cf30 0a46 2400  x.s.bb``.?.0.F$.

0000010: 0087 f401 c878 9ced d43b 0ac2 4010 06e0  .....x...;..@...

0000020: 8885 d7f0 0e1e 20da 888d 10f0 004b c020  ...... ......K.

0000030: 8baf

I have created a custom vulnerability Configuration like so:

Screen Shot 2014-03-06 at 15.53.53.png

and Standard Signature, And Condition (Transaction) like so:

Screen Shot 2014-03-06 at 15.55.13.png

Once pushed from Panorama to my devices I don't see it in the logs as Alerting. I'm sure I'm missing something but being my first attempt, I'm not sure where. Should I add it to the Vulnerability Protection under Security Profiles or something..? Or am I doing this incorrectly in the first place...?:)

Any hints would be great,

Thanks

Labels:
2 REPLIES 2

prb
L3 Networker

‎03-06-2014 01:12 PM

I am not an expert to say if the definition is correct.

Nonetheless you need the security profile in the security policy.

mbutt
L5 Sessionator

‎03-06-2014 01:53 PM

I think it would be best if you post the same thread in DevCenter as developer and other users expert in this answer on that community.

Hope this helps you find the answer.

Thank you

Numan

  • 3369 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks