In order to allow Updates to OneDrive im trying to create a custom application. (since I'm blocking PE) as it is detected as web-browsing. It does not detect that ms one drive premade application.
I created a custom signature with the Client hello sni (oneclient.sfx.ms), as I found that from the packet capture. My issue is that it works for some of the traffic but other traffic it is not recognizing the app as OneDrive.
What could be going wrong?
If you go to Monitor > Data Filtering and get destination IP where file download was attempted from and then go to Monitor > URL Filtering and use the same destination IP as filter what URL do you see in logs?
Add new URL category
Objects > Custom Objects > URL Category
add 2 entries
Create security policy above default outgoing policy to permit traffic to newly created URL category and assign file blocking profile to the rule that does not block download of executable files.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!