https://live.paloaltonetworks.com/t5/general-topics/allow-certain-exe-downloads-by-filename/m-p/42247#M31052 <HTML><HEAD></HEAD><BODY><P><SPAN>There are App-ID's for various software updates.&nbsp; You can allow file downloads for those App-ID's.&nbsp; If your particular malware update is not covered by an App-ID you can either create your own custom one or put in an App-ID request to Palo Alto Networks:&nbsp; </SPAN><A class="jive-link-external-small" href="http://www.paloaltonetworks.com/researchcenter/submit-an-application/">http://www.paloaltonetworks.com/researchcenter/submit-an-application/</A></P><P></P><P>Cheers,</P><P></P><P>Kelly</P></BODY></HTML> Tue, 26 Jul 2011 20:58:40 GMT kbrazil 2011-07-26T20:58:40Z https://live.paloaltonetworks.com/t5/general-topics/allow-certain-exe-downloads-by-filename/m-p/42246#M31051 <HTML><HEAD></HEAD><BODY><P>I use data filtering and currently block EXE downloads amoung others. My problem is now my users can't download updates to their malware software. The malware software we use currently doesn't offer a centralized management feature so the updates have to be downloaded from the web. The updates come from a content delivery network so the only way I can allow this without opening a huge hole in my security is by allowing a certain filename. Unfortuantely, I do not know of a way in my PA to allow an EXE downloads via filename while still blocking everything else. Is this possible? Thank you in advance.</P></BODY></HTML> Tue, 26 Jul 2011 20:30:06 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-certain-exe-downloads-by-filename/m-p/42246#M31051 ghight 2011-07-26T20:30:06Z https://live.paloaltonetworks.com/t5/general-topics/allow-certain-exe-downloads-by-filename/m-p/42247#M31052 <HTML><HEAD></HEAD><BODY><P><SPAN>There are App-ID's for various software updates.&nbsp; You can allow file downloads for those App-ID's.&nbsp; If your particular malware update is not covered by an App-ID you can either create your own custom one or put in an App-ID request to Palo Alto Networks:&nbsp; </SPAN><A class="jive-link-external-small" href="http://www.paloaltonetworks.com/researchcenter/submit-an-application/">http://www.paloaltonetworks.com/researchcenter/submit-an-application/</A></P><P></P><P>Cheers,</P><P></P><P>Kelly</P></BODY></HTML> Tue, 26 Jul 2011 20:58:40 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-certain-exe-downloads-by-filename/m-p/42247#M31052 kbrazil 2011-07-26T20:58:40Z https://live.paloaltonetworks.com/t5/general-topics/allow-certain-exe-downloads-by-filename/m-p/42248#M31053 <HTML><HEAD></HEAD><BODY><P>Could you add a new "allow" policy using a FQDN Address Object for the content delivery network?&nbsp; Do not add a file blocking profile to the new policy.&nbsp; Position it before the policy with the file blocking profile that blocks .EXE files.&nbsp; Traffic would then match the new policy and be allowed.&nbsp; Downloads of .EXE files would still be blocked for traffic not sourced from the content delivery network by the existing policy with the file blocking profile.</P></BODY></HTML> Tue, 26 Jul 2011 21:00:31 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-certain-exe-downloads-by-filename/m-p/42248#M31053 jdavis 2011-07-26T21:00:31Z https://live.paloaltonetworks.com/t5/general-topics/allow-certain-exe-downloads-by-filename/m-p/42249#M31054 <HTML><HEAD></HEAD><BODY><P>I could, and that was my first idea... but since a VAST majority of downloads come this content delivery network, I would essentially be allowing everything rendering my EXE blocking only minimally effective.</P><P></P><P>I'll check in to Kelly's idea. I'm not familiar with that method, but it sounds like something I should know how to do anyway. Thank you both!</P></BODY></HTML> Tue, 26 Jul 2011 21:08:09 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-certain-exe-downloads-by-filename/m-p/42249#M31054 ghight 2011-07-26T21:08:09Z