How to block additional file types?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to block additional file types?

Not applicable

Hello guys,

Can you please advise how we can restrict access to file types such are .vbs and .msi?

These types are not available in the File block list.

Kind Regards,

John

16 REPLIES 16

L4 Transporter

John,

We just added MSI to this weeks content release. You should see it

show up if you upgrade to content update 150. We don't currently have

support for VBS files but we can take a look at adding support for

them in a future content release.

Mike

Thanks for the quick reply, I've just updated and added .msi to the block list.

Would it be possible to investigate if the following file types can be blocked?

.ade

.adp

.bas

.com

.cmd

.cpl

.lnk

.htr

.msh

.wsh

.wsf

.vbe

.vb

.shs

.scf

.scr

.msp

.mst

.isp

Many thanks,

John

I'd like to add .xap files.  Silverlight uses these.

Charles,

Thanks for the suggestion. Can you tell me how controlling xap files differs from controlling silverlight as an application via App-ID?

Alfred

Hi Alfred,

I have noticed the file transfer blocking doesn’t work as expected. If a rule is in place blocking any file transfer using gmail or any other web-mail (Gmail not GTALK file transfer), it doesn’t work for file-types apart from the once mentioned in the list e.g. .TXT, .PCAP etc. If I select "ANY" as an option, that should block any attachments irrespective of the file-type or the extension. Even if PAN NGFW manages to block it, using a classic uploader option on gmail, the file goes right through. This is just a matter of checking a check-box on the settings page of the Gmail account, which an end user can easily do. I have tried the same with multiple web mails, attachment blocking doesn’t work for non listed file types, when the file type is selected as “ANY” in the file blocking profile.

Any advice would be appreciated.

Regards,

Sumukh Rao

Hi Sumukh,

As I told you, any means any of the below file types. It is a bit misleading.

Jones

L6 Presenter

Enclosed is a custom appID to detect for .jpg images.  The signature is looking for the end of the URI path and matching on  the string ‘\.jpg HTTP’ without the quote.  This will work for web-browsing apps only, and a typical web request would look like this:

GET .../images/twitter_corp.jpg HTTP/1.1\r\n

GET .../pictures/logo.jpg HTTP/1.1\r\n

You can import this appID into the PAN device under Objects ==> Application.  Once verified, you can clone the app and change the app signature to match other file types like .scr, .pif, etc.

Are you decrypting the Gmail session so that the PA unit can actually see the upload?

Tariq

Hi,

 

Is there any update on blocking the below list of file types please?

 

Thanks,

Kate.

KK

Kate

 

this is a pretty long list, are you looking for a specific filetype ?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Community Team Member

Hi @KateAdetola,

 

To see the current list of supported file types you can search the 'File Type' column in the File Blocking Profile.  You'll see that the list has grown considerably :

 

File TypesFile Types

 

 

 

Alternatively you can check out the following article :

 

Supported File Types

 

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Hi,

 

Yes I am specifically after .msp file types, as we woild like to block end users from downloading and installing .msp files. This is not on the list of supported files currently.

 

Thanks,

Kate.

KK

Thanks for this update Kiwi; however .msp is not on the list. Any suggestions?

 

Thanks,

Kate.

KK

If it is binary file you might try hex editor to get binary signature from beginning of file and create your own vulnerability signature.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 12364 Views
  • 16 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!