Dropbox Signature Change?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Dropbox Signature Change?

L4 Transporter

Hello,

We have for some time now blocked the use of Dropbox (as an app) and only allow a few users access, based on a domain group.  Over last couple of weeks have noticed activity where non allowed users are able to access the application. In my initial investigation, it appears the sessions are not falling into the "dropbox" application object - but rather straight "SSL".  Still investigating.  I have placed a request with App Research Center to verify if DropBox changed their signatures.  Curious if anyone has seen this also or if known by support.  Thanks!

Mike

5 REPLIES 5

L4 Transporter

Mike,

As Dropbox uses a proprietary protocol for its file transfers, the signature is dynamic and can change over time.  If the content and threat detection engine is unable to match the specific signature that we have in our database for dropbox, it will fall back and identify it as SSL.  If you wish to submit the application to have a new signature generated, please do so using the following link:

< http://www.paloaltonetworks.com/researchcenter/submit-an-application/ >

It appears that you may have already submitted the request in the correct location.  You can check the release notes for each content update to see if dropbox signatures have been updated.

-Graham

Thank you Graham!

That is a great explanation - appreciate it.  Now I have a better explanation to tell our compliance folks.  I did place a request to have it looked at.  Didn't make it in this week's content update - but will watch for it in a future update.


Cheers,

Mike

Forgot to ask.  If we were running the SSL decryption - would that provide a sort of failover back to straight SSL - for the application object blocking? Or is the application objects independent of decryption? Thanks!

Due to the nature of Dropbox or possibly the company cert, it has been listed as an app excluded from ssl decryption.

https://live.paloaltonetworks.com/docs/DOC-1423


I believe this signature needs updated.   The current version of Dropbox failes to "establish secure connection" when decription is enabled, regardless of the fact that Palo Alto has an exclusion.     4.1.7, with all of the latest dynamic software signatures installed.

I believe this might be because Dropbox is making use of the Amazon S3 network, which may have a different SSL certificate.  I am not certain that this is the issue, but it looks likely.

  • 3603 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!