4) Update the AntiVirus and IPS definitions.
5) Create the same signature and include it in the appcontrol profile.
# config application custom
(custom) # edit U1503
set signature "F-SBID( --attack_id 6297; --name Ultrasurf.Google.Appspot.Custom; --protocol tcp; --app_cat 6; --flow from_client; --service HTTP; --pattern uswj; --context host; --no_case; --pattern .appspot.com; --context host; --no_case; --distance 0; --pattern /_NUkSUAWuxrJHx1yWEobaJK2IwVyFabWQPdoXTNWJWr30/; --context uri; --within 100,context; )"
set category 6
set protocol All
set behavior 3
set vendor All
set technology All
end
6) Once created, select it in the appcontrol profile with action set to block and validate again.
Before running the test, enable deep inspection, enable "Inspect All Ports", and delete the utmp folder on the PC.
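To check offline which requests the signature from step 5 is expected to fire on, the following added example (not Fortinet code and not part of the original article) parses the signature and evaluates its host and URI patterns against constructed requests. It is a simplified model: the handling of `--distance` and `--within` is an assumption about the IPS engine's semantics, and the hostnames are constructed.

```python
# Added example: simplified offline model of the page's F-SBID signature.
# Assumptions: patterns contain no ';', and only the host/uri contexts are used.
SIGNATURE = (
    "F-SBID( --attack_id 6297; --name Ultrasurf.Google.Appspot.Custom; "
    "--protocol tcp; --app_cat 6; --flow from_client; --service HTTP; "
    "--pattern uswj; --context host; --no_case; "
    "--pattern .appspot.com; --context host; --no_case; --distance 0; "
    "--pattern /_NUkSUAWuxrJHx1yWEobaJK2IwVyFabWQPdoXTNWJWr30/; "
    "--context uri; --within 100,context; )"
)

def parse_patterns(sig):
    """Return one dict per --pattern, carrying the modifiers that follow it."""
    body = sig[sig.index("(") + 1:sig.rindex(")")]
    patterns = []
    for opt in filter(None, (o.strip() for o in body.split(";"))):
        key, _, value = opt.lstrip("-").partition(" ")
        if key == "pattern":
            patterns.append({"pattern": value.strip()})
        elif patterns:  # header options before the first pattern are skipped
            patterns[-1][key] = value.strip() or True
    return patterns

def matches(sig, host, uri):
    """True if every pattern is found in its context, in signature order."""
    fields = {"host": host, "uri": uri}
    prev_end = {}  # per context: offset just past the previous match
    for p in parse_patterns(sig):
        ctx, needle = p["context"], p["pattern"]
        data = fields[ctx]
        if p.get("no_case"):
            data, needle = data.lower(), needle.lower()
        start, end = 0, len(data)
        if "distance" in p:  # assumed: start >= N bytes after previous match
            start = prev_end.get(ctx, 0) + int(p["distance"].split(",")[0])
        if "within" in p:  # assumed: match must end within N bytes of reference
            n, _, ref = p["within"].partition(",")
            base = 0 if ref.lower() == "context" else prev_end.get(ctx, 0)
            end = min(end, base + int(n))
        pos = data.find(needle, start, end)
        if pos < 0:
            return False
        prev_end[ctx] = pos + len(needle)
    return True

if __name__ == "__main__":
    token = parse_patterns(SIGNATURE)[2]["pattern"]
    for host in ("USWJ1234.AppSpot.com", "example.appspot.com"):  # constructed hosts
        print(host, "->", matches(SIGNATURE, host, token + "x"))
```

The result only predicts pattern logic; the block action still has to be validated on the FortiGate as described in step 6.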
Copyright 2024 Fortinet, Inc. All Rights Reserved.