I am wondering if there is a way to block a specific file from any internet source. We would like to block users from grabbing a specific unsupported browser. (when you have 85k+ workstations - you need to keep them uniform for supportability :smileywink:)
I am looking at the File Blocking option and it doesn't seem to allow for specification of the filename ...
Could you please check with Data Filtering Profiles. We can create a custom data-filtering profile as mentioned below.
Objects > Security Profiles > Data Filtering
Custom Patterns—To match a custom data pattern for the traffic that is subject to this profile, create a custom data pattern by clicking Add and specifying the pattern name, regular expression (regex) to match, and weight (0-255, 255 is highest weight). You can add multiple match expressions to the same data pattern profile.
Hope it will help you.
Good Idea... I will explore this idea.
One of our Team found this KB article:
I have been exploring this - it looks really solid... so need to figure out how to test it and go from there.
thanks for the help!
You also might want to look into creating a custom AppID (Application signature), The following doc shows how to create one:
It is just a matter of finding what is in the GET http uri header and creating a signature based on that. If it is a browser, it should use the same name for the exe or zip file so it should be straight forward. I have created a couple and they work well.
The Knowledge base article is correct. We are creating custom vulnerability signatures to prevent the downloading of specific file names. Such as Bad-Filename.zip or Bad-Filename.exe The signatures are based on http-uri path and file name so the server hosting name or location on the internet is irrelevant. This has been successful for us and we also use it to block the downloading of tool-bars and other unwanted software. There are some precautions (filename or uri path/filename should be unique to avoid false blocking) signature also needs to be minimum of 7 characters.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!