03-06-2014 07:58 AM
The following site (amongst others) hosts a malicious file that I want to block: Download Genieo. The file is a .dmg and I want it blocked to my Mac user estate. Rather than block the URL I thought I would give Custom Signatures > Vulnerability a go. I am following the document Creating_Custom_Signatures-RevA (page 43).
File name is InstallGenieo.dmg with Hex of
0000000: 789c 730d 6262 6060 883f cf30 0a46 2400 x.s.bb``.?.0.F$.
0000010: 0087 f401 c878 9ced d43b 0ac2 4010 06e0 .....x...;..@...
0000020: 8885 d7f0 0e1e 20da 888d 10f0 004b c020 ...... ......K.
I have created a custom vulnerability Configuration like so:
and Standard Signature, And Condition (Transaction) like so:
Once pushed from Panorama to my devices I don't see it in the logs as Alerting. I'm sure I'm missing something but being my first attempt, I'm not sure where. Should I add it to the Vulnerability Protection under Security Profiles or something..? Or am I doing this incorrectly in the first place...?:)
Any hints would be great,
03-06-2014 01:12 PM
I am not an expert to say if the definition is correct.
Nonetheless you need the security profile in the security policy.
03-06-2014 01:53 PM
I think it would be best if you post the same thread in DevCenter, as developers and other users who are expert in this answer on that community.
Hope this helps you find the answer.