jpeg file blocking download error

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

jpeg file blocking download error

L3 Networker

Dear Team,

 

I am doing a file blocking test for the jpeg file format.

When uploading a jpeg, it is recognized as a unique threat id below, and I can control it as I want.

 

Name: JPEG File Upload
> Unique Threat ID: 52097

URL : https://threatvault.paloaltonetworks.com/?query=52097

loglog

profile2.jpg

But I want to control jpeg download.

 

For testing, I set it to 'all alert' and continued to download the jpg file.

 

But jpeg download doesn't seem to be detected.

 

I have set the decryption and can control other formats

 

I also tested the dynamic version after changing it.

 

i want to know the solution

 

Thanks in advance,
Kyungjun,

1 accepted solution

Accepted Solutions

L3 Networker

The 'jpeg' file type was deprecated a long time ago and I've confirmed that now only "jpeg-uploading" is used.

View solution in original post

4 REPLIES 4

L5 Sessionator

Are you blocking the app QUIC? Does the destination server use cert pinning or ESNI? 

 

There are many reasons why decryption could be unsuccessful for that session. What does the packet capture tell you?

Help the community! Add tags and mark solutions please.

@LAYER_8 

Dear slick

Thank you for your comment

I blocked quic itself in chrome. Also, 'jpeg-upload' works normally on the same server.

I've also tested it in other browsers, but it doesn't solve the problem.

I think there is a problem with 'jpeg'.

Please let me know if anyone is normally controlled when only jpeg is set in file blocking.

L5 Sessionator

You may or may not have received this email (please note that second bullet under detailed instructions, it is the kicker):

 

Dear Palo Alto Networks Super User & Domain Administrator,
You’re receiving this email because you’re a Super User or Domain Administrator of a Palo Alto Networks account.
As part of our continuous security enhancements, your teams’ accounts will need to be updated to meet enhanced security requirements. Key changes include:
  1. Users will require Multi-Factor Authentication
  2. Password will need to be changed every 365 days
  3. If a user enters incorrect passwords 5 times, their account will be locked out for 15 mins
Detailed Instructions
  • Starting April 14th, 2022, users will be prompted to change their passwords. Password policy requirements: a) minimum 11 characters, b) at least one each of uppercase, lowercase, numbers, and special characters.
  • Multi-Factor Authentication (MFA) is crucial to protect data against credential theft and damage. When users login on or after April 14th, they will be asked to enter an MFA verification code, which they will receive in their registered email every time they login.
  • Two weeks prior to April 14th, we will send your users a separate email notifying them of these changes and using MFA
  • In case you have issues, please reach out to our team at Contact Support, or open a support case at https://support.paloaltonetworks.com.
Thank you!
Palo Alto Networks
www.paloaltonetworks.com
 
We haven't gotten a clear response from our IT org why this is better/more secure than an auth app.
Help the community! Add tags and mark solutions please.

L3 Networker

The 'jpeg' file type was deprecated a long time ago and I've confirmed that now only "jpeg-uploading" is used.

  • 1 accepted solution
  • 2602 Views
  • 4 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!