- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-22-2009 08:15 AM
Hello guys,
Can you please advise how we can restrict access to file types such are .vbs and .msi?
These types are not available in the File block list.
Kind Regards,
John
10-22-2009 08:44 AM
John,
We just added MSI to this weeks content release. You should see it
show up if you upgrade to content update 150. We don't currently have
support for VBS files but we can take a look at adding support for
them in a future content release.
Mike
10-23-2009 04:46 AM
Thanks for the quick reply, I've just updated and added .msi to the block list.
Would it be possible to investigate if the following file types can be blocked?
.ade
.adp
.bas
.com
.cmd
.cpl
.lnk
.htr
.msh
.wsh
.wsf
.vbe
.vb
.shs
.scf
.scr
.msp
.mst
.isp
Many thanks,
John
11-19-2009 07:49 AM
I'd like to add .xap files. Silverlight uses these.
11-19-2009 11:53 AM
Charles,
Thanks for the suggestion. Can you tell me how controlling xap files differs from controlling silverlight as an application via App-ID?
Alfred
08-13-2010 06:16 AM
Hi Alfred,
I have noticed the file transfer blocking doesn’t work as expected. If a rule is in place blocking any file transfer using gmail or any other web-mail (Gmail not GTALK file transfer), it doesn’t work for file-types apart from the once mentioned in the list e.g. .TXT, .PCAP etc. If I select "ANY" as an option, that should block any attachments irrespective of the file-type or the extension. Even if PAN NGFW manages to block it, using a classic uploader option on gmail, the file goes right through. This is just a matter of checking a check-box on the settings page of the Gmail account, which an end user can easily do. I have tried the same with multiple web mails, attachment blocking doesn’t work for non listed file types, when the file type is selected as “ANY” in the file blocking profile.
Any advice would be appreciated.
Regards,
Sumukh Rao
08-15-2010 09:15 AM
Hi Sumukh,
As I told you, any means any of the below file types. It is a bit misleading.
Jones
11-01-2010 08:24 AM
Enclosed is a custom appID to detect for .jpg images. The signature is looking for the end of the URI path and matching on the string ‘\.jpg HTTP’ without the quote. This will work for web-browsing apps only, and a typical web request would look like this:
GET .../images/twitter_corp.jpg HTTP/1.1\r\n
GET .../pictures/logo.jpg HTTP/1.1\r\n
You can import this appID into the PAN device under Objects ==> Application. Once verified, you can clone the app and change the app signature to match other file types like .scr, .pif, etc.
11-01-2010 05:28 PM
Are you decrypting the Gmail session so that the PA unit can actually see the upload?
Tariq
08-11-2017 04:55 AM
Hi,
Is there any update on blocking the below list of file types please?
Thanks,
Kate.
08-11-2017 05:03 AM
Kate
this is a pretty long list, are you looking for a specific filetype ?
08-11-2017 05:07 AM
Hi @KateAdetola,
To see the current list of supported file types you can search the 'File Type' column in the File Blocking Profile. You'll see that the list has grown considerably :
Alternatively you can check out the following article :
Cheers !
-Kiwi.
08-11-2017 06:15 AM
Hi,
Yes I am specifically after .msp file types, as we woild like to block end users from downloading and installing .msp files. This is not on the list of supported files currently.
Thanks,
Kate.
08-11-2017 07:27 AM
Thanks for this update Kiwi; however .msp is not on the list. Any suggestions?
Thanks,
Kate.
08-11-2017 07:48 AM
If it is binary file you might try hex editor to get binary signature from beginning of file and create your own vulnerability signature.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!