Deny downlaod file exe

You must create an Extrarule in webprotection

Hi Megan,

I've create one web filter policy and one application filter policy, both whit default action=Allow and indide the rule, I've denied the EXE File Download from HTTP and HTTPS. Then I applied these policies at the firewall rule that allow private source to internet.  The result was that the download from HTTP was denied, but not from HTTPS. How can I fix this problem? Thanks

Hi Megan,

I've create one web filter policy and one application filter policy, both whit default action=Allow and indide the rule, I've denied the EXE File Download from HTTP and HTTPS. Then I applied these policies at the firewall rule that allow private source to internet.  The result was that the download from HTTP was denied, but not from HTTPS. How can I fix this problem? Thanks

Hi Manuel,

Make sure that you have enabled HTTPS-Decryption in the Firewall Rule.

Otherwise, you maybe have accidently created a Exception in Web>Exceptions, otherwise make sure that the Policy, that denies EXE-File downloads is the first in the list, because the first matching rule is accepted. So if you use an Policy wich allows EXE-File downloads wich is above the one that denies, EXE-Download is allowed.

Thanks Megan .. I resolved by enabling HTTPS for AV & AS Scanning in firewall rules.

I followed the procedure in attachment.

Right now, however, the browser always asks me to add the exception for the certificate, whenever I open a page.

Do I need to configure my browser to use the proxy?

Thanks

Hi Manuel,

Please refer to this Guide : https://community.sophos.com/kb/en-us/123048

But, please also import certificate into the Certificate manager of your OS, otherwise you won't be able to do any updates!

For Windows use this guide:https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx

For Linux use one of these guides: https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate

                                                    https://www.happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos-dont-append-to-etcpkitlscertsca-bundle-crt-or-etcpkitlscert-pem/