Hello, I currently have a security rule that blocks the downloads of ".exe" files from the "unknown" URL category (which sits above my general Internet/WildFire Forward rule). It works extremely well in dropping a huge amount of the garbage out there. However, occasionally the garbage makes it past that rule and sends up a WildFire event. Again, Deny rule comes before the WildFire forward. I noticed from the WildFire alert that in the cases of communication which appears to bypass the deny rule - the source and destination are actually reversed to what the rule is set. Instead of my user being the source - it is now the destination. Should my rule to deny the .exe also include a bidirectional zone? Current Deny .exe rule Source Zone - Internal Destination Zone - External Application - Web-Browsing URL Category - "Unknown" (PANDB) Profile - "DenyEXE" File blocking profile for .exe/download/block Should my zones be a bidirectional setup to block anything that is coming inbound? I had hoped the user session would keep state of that? Should the File Blocking profile be both upload and download? Thanks! Mike
... View more