This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Unknown File Types

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Unknown File Types

Hithead
L4 Transporter

‎08-08-2014 04:29 AM

Hi all,

we like to block or be alert when the file types .edrw and .easm (eDrawing) are passing the PA. Currently nothing is shown in the Monitoring Data Filtering.

Any idea how to get PAN to update file types in security profiles? Can I somehow report it to PAN?

0 Likes Likes
5 REPLIES 5

reaper
Cyber Elite
Cyber Elite

‎08-08-2014 04:51 AM

Hi

to have these filetypes added to the file blocking known filetypes you can reach out to your Palo Alto Networks SE to have them added in a feature request for our engineering and product management team to consider.

In the meanwhile you could go ahead and build a custom signature to match attributes common to these types of files (like any strings that would appear in the file) and have them blocked by means of threat prevention

this doc should be helpful: Creating Custom Threat Signatures

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hithead
L4 Transporter
In response to reaper

‎08-11-2014 12:21 AM

Hi,

this means, if we are transfer 'PA unknown' file types, we will never be able to log and recognize it?...sad.

SDorsey
L4 Transporter
In response to Hithead

‎08-11-2014 06:00 AM

You can log and recognize it if you create a custom threat signature.

I don't believe the PA identifies files solely based on the file extension.

0 Likes Likes

Hithead
L4 Transporter
In response to SDorsey

‎08-11-2014 07:04 AM

I have so many policies, zones etc. For example the internet  has so many of custom signatures. So how I have to detect them?

Also I like to see all data traffic in the Data Filtering Monitoring tab...

BTW: Could someone help me to create the custom signature for the both file types written in the first post?

0 Likes Likes

Hithead
L4 Transporter

‎08-12-2014 04:27 AM

Hi,

created a custom signature, but I cannot define client2server or server2client. I like to block only uploads but PA is blocking both... could you please take a look?

2014-08-12_13-02-54.jpg

2014-08-12_13-15-27.jpg

both (NOT one of them) pattern of this file type should match:

2014-08-12_13-14-51.jpg

Our profile (add the custom object as exception):

2014-08-12_13-15-40.jpg

2014-08-12_13-15-48.jpg

Thx in advance!

0 Likes Likes
  • 3697 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks