File blocking for allowing specific file type to be download.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

File blocking for allowing specific file type to be download.

L3 Networker

Hi guys,

 

I have query regarding fileblocking where i just want to allow certain type of file to be downloaded and uploaded for specific file type. So for example. im allowing exe extension for microsoft.com and i provided the option to alert. And when i first made a request for the webpage it works as expected. But when i tried request for different website i did get the response page from that website as well. And im also able to see that the exe file gets to be downloaded on different website. So i created a deny rule for blocking exe for any destination. But still im able to see that i could download the files on different website.

 

My suggestion was to go with Decrypting the traffic and making those who need to download can have access for that. But i just need all your inputs to do this without decrypting.

 

Attached is the allow for the traffic and the second one is deny on the file blocking profile.

1 accepted solution

Accepted Solutions

Community Team Member

Hi @Vijaygvasan ,

 

Your suggestion to decrypt the traffic is the way to go in my humble opinion.

 

I'm afraid that without a decryption policy, file blocking just won't do a decent job.  You won't have any visibility inside any HTTPS traffic and you won't be able to block anything using file blocking this way.

 

If you don't want to use a decryption policy then I suggest that you use some form of endpoint protection (Cortex XDR ?) but I'm not sure it allows for the same granularity.

 

Cheers,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

View solution in original post

2 REPLIES 2

Community Team Member

Hi @Vijaygvasan ,

 

Your suggestion to decrypt the traffic is the way to go in my humble opinion.

 

I'm afraid that without a decryption policy, file blocking just won't do a decent job.  You won't have any visibility inside any HTTPS traffic and you won't be able to block anything using file blocking this way.

 

If you don't want to use a decryption policy then I suggest that you use some form of endpoint protection (Cortex XDR ?) but I'm not sure it allows for the same granularity.

 

Cheers,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Thanks buddy, I have made the decryption policy anyways and im able to block and allow the traffic as intended. Also i could face a bit of slowness issue it takes more time than usual to load web pages. basic web browsing like yahoo, times of india, speed test etc. So will there be any option to check whether and why it takes long time.

  • 1 accepted solution
  • 3718 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!