Application and Threat Content Release Notes

Version 443 Notes: 1. Exposed a new custom IPS Vulnerability signature context, file-elf-body, that detects Executable and Linkable Format (ELF) files running over HTTP.

2. Google Hangouts will be shipping in next week’s content release (July 1st). Google Hangouts is an instant messaging and video chat platform that replaces the following messaging products – Talk, Google+ Messenger and Hangouts, a video chat system within Google+ and some capabilities of Google Voice. Applications previously identified as google-talk, google-talk- gadget,gtalk-p2p,gtalk-voice,gmail-chat, gmail-video-chat will now be identified as one of the three applications under the google hangouts container- google-hangouts-base, google-hangouts- audio-video and google-hangouts-chat. The hangouts sub-applications would be identified as google-hangouts-base when Decryption is not enabled. With the new content release, security policies, specifically with rules to allow any of the previous google instant messaging services, must be updated with the appropriate hangouts application/s to ensure that they are not being blocked. Any existing application using the older Google services APIs would not be identified correctly unless updated with the latest hangouts APIs.

New Applications (4)

Minimu Ris Subcategor Technolog Previously m PAN- Name Category Depends On k y y Identified As OS Version unknown- fcc-speed- general- internet- browser- 2 flash,web-browsing udp,unknown- 3.1.0 test internet utility based tcp,web-browsing web- intersystem business- client- 2 database web-browsing browsing/unknow 3.1.0 s-cache systems server n-tcp apple- collaboratio social- client- 2 streetchat maps,cinemagram,ssl,w web-browsing,ssl 3.1.0 n networking server eb-browsing apple- collaboratio social- client- 1 tinder maps,facebook,ssl,web- web-browsing,ssl 3.1.0 n networking server browsing

Modified Applications (9)

Minimum Risk Name Category Subcategory Technology Depends On PAN-OS Version remote- socks,ssl,web- 3 citrix networking client-server 3.1.0 access browsing

©SecureLink Confidential Page 1 of 3

instant- jabber,rtmfp,ssl,web- 2 hipchat collaboration client-server 3.1.0 messaging browsing hp-data- business- storage- 1 client-server 3.1.0 protector systems backup meetup- browser- meetup,ssl,web- 2 collaboration web-posting 3.1.0 forum(function) based browsing business- general- 1 rmi-iiop client-server 3.1.0 systems business peer-to- 5 skype collaboration voip-video msn,ssl,web-browsing 3.1.0 peer google-app- instant- 2 snapchat collaboration client-server engine,ssl,web- 3.1.0 messaging browsing viber- 1 collaboration voip-video client-server ssl,web-browsing 3.1.0 base(function) viber- 1 collaboration voip-video client-server ssl,viber 3.1.0 voice(function)

Modified Decoders (2)

Name msrpc ssl

New Anti-spyware Signatures (1)

Minimum PAN- Maximum PAN- Severity ID Attack Name Default Action OS Version OS Version MICROS0FT.AUTH critical 13469 Command and alert 3.1.0

Control Traffic

Modified Anti-spyware Signatures (2)

Minimum PAN- Maximum PAN- Severity ID Attack Name Default Action OS Version OS Version Ebury SSH Rootkit critical 13457 Command and alert 3.1.0

Control Traffic Conficker DNS high 20000 alert 3.0.0 4.1.0.0 Request

New Vulnerability Signatures (3)

Attack Minimum PAN- Severity ID CVE ID Vendor ID Default Action Name OS Version Malicious critical 36498 Flash file alert 4.0.0

Detection Adobe Flash CVE-2014- critical 36505 APSB14-16 alert 4.0.0 Player 0536

©SecureLink Confidential Page 2 of 3

Memory Corruption Vulnerability Adobe Flash Player CVE-2014- critical 36506 Memory APSB14-16 alert 4.0.0 0536 Corruption Vulnerability

Modified Vulnerability Signatures (4)

Minimum PAN- Severity ID Attack Name CVE ID Vendor ID Default Action OS Version Apple iTunes m3u Playlist File Title CVE-2012- critical 34886 alert 3.1.0 Parsing Buffer 0677 Overflow Vulnerability Microsoft Internet Explorer CVE-2014- critical 36341 MS14-010 alert 4.0.0 Memory 0289 Corruption Vulnerability Apple Quicktime ftab Movie Atom CVE-2014- high 36441 alert 5.0.0 Parsing Buffer 1246 Overflow Vulnerability RealNetworks RealPlayer CVE-2012- high 35583 URL alert 5.0.0 5691 StringOverflow Vulnerability

©SecureLink Confidential Page 3 of 3