https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68527#M12115 <P>That imho is a misunderstanding - APCL and URLF deal with URLs and Applications that communicate using the internet. What you want to achieve is to prevent downloading malware, a job done by AV and TE / TX.&nbsp;Custom Applications get defined to enable, disable or limit their internet traffic in APCL rulebase.</P> Tue, 26 Nov 2019 15:06:40 GMT G_W_Albrecht 2019-11-26T15:06:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68330#M12110 <P>Hi team,</P><P>I try to create a custom signature with Wireshark raw data pattern, but it's not working.</P><P>Scenario:-I have an FTP server and I&nbsp; download two files from the FTP server and capture this in Wireshark and create a signature with one file raw data. I want when next time when I download the same file from the FTP server it should be blocked by my custom signature.</P> Mon, 25 Nov 2019 07:25:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68330#M12110 Happy__ 2019-11-25T07:25:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68466#M12111 Maybe just create a file hash IOC using the AV blade instead? Tue, 26 Nov 2019 04:13:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68466#M12111 PhoneBoy 2019-11-26T04:13:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68485#M12112 <P>Yup, I know we can do with AV &amp; IPS, but the requirement is to do with the application signature tool.&nbsp;</P> Tue, 26 Nov 2019 07:49:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68485#M12112 Happy__ 2019-11-26T07:49:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68488#M12113 <P>Wrong tool:</P> <P><SPAN>Signature Tool for Application and URL Filtering Administration Guide</SPAN><SPAN> | 5 </SPAN><SPAN>Introduction</SPAN></P> <P><SPAN>Check Point Signature Tool lets you create Application and URL Filtering for your own or third-party </SPAN><SPAN>applications. This tool expands your local Application and URL Filtering Database for applications and URLs </SPAN><SPAN>that you add. Application and URL Filtering detects and enforces your policies on added signatures as with </SPAN><SPAN>Check Point defined signatures. </SPAN></P> <P><SPAN>For preventing downloads we use AV.</SPAN></P> Tue, 26 Nov 2019 08:18:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68488#M12113 G_W_Albrecht 2019-11-26T08:18:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68490#M12114 <P>In the application signature tool, there is an option that we can create a signature with raw data. So I was just trying to block a specific file with the file raw data.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 26 Nov 2019 08:26:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68490#M12114 Happy__ 2019-11-26T08:26:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68527#M12115 <P>That imho is a misunderstanding - APCL and URLF deal with URLs and Applications that communicate using the internet. What you want to achieve is to prevent downloading malware, a job done by AV and TE / TX.&nbsp;Custom Applications get defined to enable, disable or limit their internet traffic in APCL rulebase.</P> Tue, 26 Nov 2019 15:06:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Custom-Application-by-wireshark-raws-data-pattern/m-p/68527#M12115 G_W_Albrecht 2019-11-26T15:06:40Z