File blocking for allowing specific file type to be downloaded.

Vijaygvasan
L1 Bithead

Hi guys,

I have a query regarding file blocking, where I just want to allow a certain type of file to be downloaded and uploaded for a specific file type. So, for example, I'm allowing the exe extension for microsoft.com and I provided the option to alert. And when I first made a request for the webpage, it worked as expected. But when I tried a request for a different website, I did get the response page from that website as well. And I'm also able to see that the exe file gets downloaded on a different website. So I created a deny rule for blocking exe for any destination. But I'm still able to see that I could download the files on a different website.

My suggestion was to go with decrypting the traffic and making sure those who need to download can have access for that. But I just need all your inputs to do this without decrypting.

Attached is the allow for the traffic and the second one is deny on the file blocking profile.


Accepted Solutions
kiwi
Community Team Member

Hi @Vijaygvasan ,


Your suggestion to decrypt the traffic is the way to go in my humble opinion.

I'm afraid that without a decryption policy, file blocking just won't do a decent job. You won't have any visibility inside any HTTPS traffic and you won't be able to block anything using file blocking this way.

If you don't want to use a decryption policy then I suggest that you use some form of endpoint protection (Cortex XDR?) but I'm not sure it allows for the same granularity.


Cheers,

-Kiwi.
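
Added illustration, not part of the original reply and not Palo Alto Networks code: a minimal on-path inspector showing why a file blocking rule that matches an exe over HTTP sees nothing to match over HTTPS until the stream is decrypted. All function names, the sample traffic and the `toy_encrypt` stand-in for TLS encryption are assumptions made for this example.

```python
MAGIC = {b"MZ": "PE executable (.exe/.dll)", b"PK\x03\x04": "ZIP", b"%PDF": "PDF"}
TLS_APPLICATION_DATA = 23  # TLS record content type that carries the encrypted payload

def sniff_file_type(data: bytes) -> str:
    # Identify a file by its leading magic bytes, as content inspection does.
    return next((name for magic, name in MAGIC.items() if data.startswith(magic)), "unknown")

def parse_tls_records(stream: bytes) -> list:
    """Split a byte stream into (content_type, payload) TLS records."""
    records, off = [], 0
    while off < len(stream) or not records:  # an empty stream is not TLS
        header = stream[off:off + 5]
        if len(header) < 5 or header[0] not in (20, 21, 22, 23) or header[1] != 3:
            raise ValueError("not a TLS record stream")
        length = int.from_bytes(header[3:5], "big")
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record")
        records.append((header[0], payload))
        off += 5 + length
    return records

def inspect(stream: bytes) -> dict:
    """What an on-path inspector can learn from server-to-client bytes."""
    if stream.startswith(b"HTTP/1."):
        _, _, body = stream.partition(b"\r\n\r\n")
        return {"visibility": "cleartext", "file_type": sniff_file_type(body)}
    try:
        records = parse_tls_records(stream)
    except ValueError:
        return {"visibility": "unrecognized", "file_type": "unknown"}
    app = b"".join(p for t, p in records if t == TLS_APPLICATION_DATA)
    return {"visibility": "encrypted", "file_type": sniff_file_type(app)}

def tls_record(content_type: int, payload: bytes) -> bytes:
    return bytes([content_type, 3, 3]) + len(payload).to_bytes(2, "big") + payload

def toy_encrypt(data: bytes) -> bytes:
    """Stand-in for TLS encryption (NOT real cryptography): XOR with a fixed keystream."""
    return bytes(b ^ ((i * 197 + 91) % 256) for i, b in enumerate(data))

# Constructed sample: the same .exe download over HTTP and over HTTPS.
HTTP_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
                 b"MZ\x90\x00" + b"\x00" * 60)
HTTPS_STREAM = tls_record(22, b"\x02" + b"\x00" * 40) + tls_record(23, toy_encrypt(HTTP_RESPONSE))

if __name__ == "__main__":
    print("http :", inspect(HTTP_RESPONSE))
    print("https:", inspect(HTTPS_STREAM))
    print("after decryption:", inspect(toy_encrypt(parse_tls_records(HTTPS_STREAM)[1][1])))
```

The third call applies the XOR stand-in again to undo it, which plays the role a decryption policy has on the firewall: only then do the file's magic bytes become visible to the check.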



All Replies
Vijaygvasan
L1 Bithead

Thanks buddy, I have made the decryption policy anyway and I'm able to block and allow the traffic as intended. Also, I could face a bit of a slowness issue; it takes more time than usual to load web pages, basic web browsing like Yahoo, Times of India, speed test, etc. So will there be any option to check whether and why it takes a long time?