Hello, I have had a few instances where I've needed to allow certain files types through the data filter. One annoying case was native Office 2007/2010 documents that end in x. What I did was add it to my file blocking profile with the action of ALERT. This is now letting them in. Sometimes I actually have a FQDN or IPs that I can use to allow EVERYTHING in from certain sites, but sometimes that doesn't work. I have 2 examples where I am having issues with this. First, Symantec AV updates. We have contracted employees working in my school district who have their employer-provided computers. As we don't manage them, their Symantec AV updates over the Web. However, these are ZIPs and are blocked. I tried allowing Symantec-AV-update, but that also depends on HTTP and FTP. I couldn't find a good way to use a policy to allow that. Especially as I don't have a FQDN or IP to allow stuff in explicitly. The servers I see getting blocked resolve to something like axx-xx-xx-xx.deploy.akamaitechnologies.com. I've seen other stuff using these exact same servers, so how do I deal with that? I don't know how many of these servers might be accessed by SAV, either. Anyone else dealt with this? Finally, my latest is an uknown file type, used for educational software. Some of the blocks (ZIP, of course) show Akamai servers, but there are others also. This file type is as3a. As PA doesn't list that one, can't use my other file blocking technique to just allow all .as3a files either. Thanks for any help you may have. Geoff
... View more