topic File Blocking applications in General Topics

File Blocking applications

nsendelbac — Mon, 04 Mar 2019 21:43:26 GMT

What is the reason that the Applications field within File Blocking Profiles only allow a subset of all applications? For instance, I have a file blocking profile that alerts on several file extensions for webmail applications I've specified, and I'm trying to add meetup-email, startmail, and zimbra, but these are not available.

I thought perhaps the file block profiles only allow applications that have the "Capable of file transfer" characteristic, but all the apps I've mentioned have it.

Re: File Blocking applications

reaper — Thu, 07 Mar 2019 13:01:04 GMT

have you checked if adding web-browsing to file blocking does work, as zimbra etc rely on http for their transport (and you set up ssl decryption)

Re: File Blocking applications

nsendelbac — Thu, 07 Mar 2019 15:55:46 GMT

Sure, you could add web-browsing, but then the file blocking profile would apply to much more traffic than the webmail apps I'm trying to alert/block on. I suppose a workaround would be creating a seperate security policy with only the webmail apps specalong with a seperate file blocking profile for it and select 'any' apps in the file blocking profile.

Still wondering why there is a limited subset of apps within file blocking profiles though.

Re: File Blocking applications

reaper — Thu, 07 Mar 2019 19:32:09 GMT

Because not all applications use the same methods to transfer files
This makes that for some applications the normal protocol decoders are unable to properly process file transfers (the file could be chopped up in an very unusual way for example)

You could reach out to your SE to have them submit a feature request to add these apps to fileblocking