This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebControl exclusions for additional security options

Hello Community,

In the WebControl policys we have the options for the risky file types.

As default setting, I want that my users are getting a warn page when they are downloading a Windows Executable. (or if they are loading in the background of the page)

Inhouse we have some self coded services which are loading .bin files in web pages.

This .bin files are in the category windows executables as well and are getting blocked form the policy.

A exclusion in the web management option just generally allows the website.

So I can generally load the web page, but the bin files are still getting blocked in the background.

Here a screenshot from the web browser.

/resized-image/__size/1280x528/__key/communityserver-discussions-components-files/302/pastedimage1627472069142v3.png

As you can see the web page tries to load but the .bin files are getting blocked.

Does someone know a workaround to "fully allow" a web page.

Currently it looks like that we can't set any exclusions for the "Additional security options".

Thanks in advance.

Sincerely yours.



This thread was automatically locked due to age.
  • Hi, 

    have you tried allowing this .bin files to your exclusion policy? you can try to create a separate policy where this .bin files are not excluded and check the status.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi,

    thanks for your reply.

    Do you mean the global exclusions with the exclusion policy?

    I added the host of the website in the global exclusions as well but I get the same result.

    Currently the website is allowed in the global exclusions and in the website management (which is paired with the policy)

    If I create an extra policy for that user which allows the windows executables then it works obviously.

    But then all windows executables are allowed which I dont really want in my environment.