09-18-2023 11:44 AM
I want to be able to block PotatoVPN Traffic. I am successful in most of my other VPN threat hunting safaris but this one is fairly new and my current rules don't capture this little guy. Has someone out there created a policy that successfully blocks potatovpn.
Can I create a policy rule simply off of the identified threatID of potatovpn which Paloalto logs properly? I have never done this before. PotatoVPN is not in the Applicpedia database to choose it by appid
Thanks
09-18-2023 12:53 PM - edited 09-18-2023 01:32 PM
You can override the default action of signatures in the anti-spyware profile from, in this case, "alert" to whatever youd like. Does this address what you need?
Edit adding more specifics: You can go to the signature exceptions tab of an anti-spyware profile, then select the show all signatures check box in the bottom left, find the signature you are looking for and change the action to what you would like, and make sure to select the enable check box on the signature itself for any signatures you edit. Then apply this anti-spyware profile to the rules you'd like, either directly or through a security profile. This is also all under the assumption you have a threat protection license.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
