How to block Phishing PDF files
Created On 09/30/20 05:58 AM - Last Modified 12/15/20 05:52 AM
Symptom
We observe that Phishing PDF files are actively being used for malicious activities. This document explains how to block Phishing PDF files by using Anti-Spyware signatures (Unique Threat IDs 86123 and 86178).
Resolution
We have Anti-Virus signature coverage for Phishing PDF files.
In addition to Anti-Virus signatures, we have released the following Anti-Spyware signatures to block some particular Phishing PDF files. Anti-Virus signatures still cover the Phishing PDF files that these Anti-Spyware signatures (Unique Threat IDs 86123 and 86178) do not.
Severity | Unique Threat ID | Name | Default Action | Minimum PAN-OS Version | First Release |
medium | 86123 | Fake Captcha Phishing PDF File Detection | reset-both | 7.1.0 | 8326 |
medium | 86178 | Fake Captcha Phishing PDF File Detection | reset-both | 7.1.0 | 8344 |
Note: In content version 8353, the signatures were updated. (Severity: low -> medium, Default Action: alert -> reset-both, Name: Fake Captcha Phishing PDF File Detection)
The following description was based on the signature definition before content version 8353.
Please note that we have released this Anti-Spyware signature with Default Action "alert". Hence, it is necessary to change the configuration so that the signature blocks Phishing PDF files.
Here is an example of an Anti-Spyware Profile with Action "reset-both".
For more information on how to configure Anti-Spyware exceptions, please visit this article:
How to Use Anti-Spyware, Vulnerability and Antivirus Exceptions to Block or Allow Threats
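To confirm the exception described above on an exported configuration, the following script is an added example and is not Palo Alto Networks' own code. It assumes the exported XML keeps Anti-Spyware exceptions under profiles/spyware/entry/threat-exception and uses the standard exception action names; the profile names and the sample XML are constructed.

```python
import xml.etree.ElementTree as ET

# Threat IDs taken from this article.
THREAT_IDS = ("86123", "86178")
# Assumption: exception actions that stop the session in PAN-OS.
BLOCKING = {"drop", "reset-client", "reset-server", "reset-both", "block-ip"}

# Constructed sample; the layout is an assumption about an exported config.
SAMPLE = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<profiles><spyware>
  <entry name="AS-strict">
    <threat-exception>
      <entry name="86123"><action><reset-both/></action></entry>
      <entry name="86178"><action><reset-both/></action></entry>
    </threat-exception>
  </entry>
  <entry name="AS-legacy">
    <threat-exception>
      <entry name="86123"><action><alert/></action></entry>
    </threat-exception>
  </entry>
</spyware></profiles>
</entry></vsys></entry></devices></config>
"""

def audit(xml_text):
    """Return {profile: {threat_id: status}} for every Anti-Spyware profile."""
    report = {}
    for prof in ET.fromstring(xml_text).findall(".//profiles/spyware/entry"):
        status = {}
        for tid in THREAT_IDS:
            exc = prof.find(f"threat-exception/entry[@name='{tid}']")
            act = exc.find("action") if exc is not None else None
            # No exception (or an explicit default) leaves the signature's
            # default action and the profile rules in charge.
            name = act[0].tag if act is not None and len(act) else "default"
            if name == "default":
                status[tid] = "default"
            elif name in BLOCKING:
                status[tid] = "blocks:" + name
            else:
                status[tid] = "does-not-block:" + name
        report[prof.get("name")] = status
    return report

if __name__ == "__main__":
    for profile, status in audit(SAMPLE).items():
        print(profile, status)
```

A "default" result means the outcome depends on the installed content version: before 8353 the signature only alerts, so an explicit exception is what blocks.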
The signature may be updated in the future. To see the latest status of the signatures, please visit our Threat Vault.
https://threatvault.paloaltonetworks.com/?query=86123&type=