04-02-2021 09:34 PM
Hi guys,
I have query regarding fileblocking where i just want to allow certain type of file to be downloaded and uploaded for specific file type. So for example. im allowing exe extension for microsoft.com and i provided the option to alert. And when i first made a request for the webpage it works as expected. But when i tried request for different website i did get the response page from that website as well. And im also able to see that the exe file gets to be downloaded on different website. So i created a deny rule for blocking exe for any destination. But still im able to see that i could download the files on different website.
My suggestion was to go with Decrypting the traffic and making those who need to download can have access for that. But i just need all your inputs to do this without decrypting.
Attached is the allow for the traffic and the second one is deny on the file blocking profile.
04-06-2021 01:53 AM
Hi @Vijaygvasan ,
Your suggestion to decrypt the traffic is the way to go in my humble opinion.
I'm afraid that without a decryption policy, file blocking just won't do a decent job. You won't have any visibility inside any HTTPS traffic and you won't be able to block anything using file blocking this way.
If you don't want to use a decryption policy then I suggest that you use some form of endpoint protection (Cortex XDR ?) but I'm not sure it allows for the same granularity.
Cheers,
-Kiwi.
04-06-2021 01:53 AM
Hi @Vijaygvasan ,
Your suggestion to decrypt the traffic is the way to go in my humble opinion.
I'm afraid that without a decryption policy, file blocking just won't do a decent job. You won't have any visibility inside any HTTPS traffic and you won't be able to block anything using file blocking this way.
If you don't want to use a decryption policy then I suggest that you use some form of endpoint protection (Cortex XDR ?) but I'm not sure it allows for the same granularity.
Cheers,
-Kiwi.
04-06-2021 03:21 AM
Thanks buddy, I have made the decryption policy anyways and im able to block and allow the traffic as intended. Also i could face a bit of slowness issue it takes more time than usual to load web pages. basic web browsing like yahoo, times of india, speed test etc. So will there be any option to check whether and why it takes long time.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
