- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-14-2021 03:59 AM
Hi Team
How to block below hash value. Please help us
4ad20bcd0f915acba7817e0639fcbf4f713beb8ac35112134808d4e5f753d519
86800f9e3b563eaeba1d84d431b83405b2118300c0ad2deab39a093d4b9093c5
96a64cccb55f7b42711015054ddd6ac45459643aa17c13248c6e344dc787cbfd
aad97a08a139e8dff1f02f73479a5b00ecca5b512f627082f9c589fd63479c83
b3daf217ca7339ad9e738f087135af8f63fd46f435711874ccb4bf8ab310f2e5
Regards
Mohammed Asik
01-14-2021 09:43 PM - edited 01-14-2021 09:46 PM
Hash Values cannot be blocked from FW level, you need to upload that file to wildfire in order to get the Antivirus signature (Threat ID).
You can check the Threat vault for HASH values,
Threat Vault (paloaltonetworks.com)
If you cannot find the HASH values, check with VirusTotal or other public sites and find the File Type of the HASH because Antivirus signature will be created only based on Wildfire supported file types. Please contact your local palo alto SE to create a feature request on your behalf for Wildfire support of that particular executable file, feature requests could be implemented in future.
Find below the link that has information regarding Wildfire Supported File Types:
WildFire File Type Support (paloaltonetworks.com)
Regards,
Sahithyan
01-26-2021 11:14 AM
As mentioned you can't create a blocking action against a file hash.
You could however create a custom signature if you have a copy of the sample.
For more info please see:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!