I've inherited a ruleset that is blocking Java CLASS file downloads, but not Java JAR files. I am not a Java developer and have very limited knowledge of the particulars relating to these files as potential threat vectors. But I have seen nothing in my initial research that leads me to believe this was an intentional, justified policy. I can't see any reason why CLASS files would represent a larger concern than JAR files, and the rational thing to do would be either 1) unblock CLASS files as well (and rely on client-side mitigations for protection), or 2) block JAR files as well (if anything JAR seems like a greater threat, due to its ability to contain other malicious payloads).
I'm curious about the thoughts others might have on this.
Is there a good reason to block CLASS files exclusively? Is there a good reason to not block JAR files? Is blocking Java file downloads outright worth the added overhead to maintain such a policy?
As far as this particular environment goes, it looks like the scope of CLASS file download attempts is pretty minimal in any case. With threat prevention scanning and other mitigations in place, I don't feel the risk here is that large. But if the risk is large enough to warrant continuing to block them, it would make sense to me that I should also be blocking the JAR files.