This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

EXE Extension for Firmware version: 9.703-2

i am trying to block the exe files download but https keep allowing users to download it, by using decrypt and scan option it block the whole websites. any suggestion would be appreciated.

Thanks

 

 

 

 

 

 

 



This thread was automatically locked due to age.
Parents
  • Decrypt and scan is the right way to go. You already installed the sophos web proxy certificate to prevent ssl error messages?!

    Then you need to know which settings block the whole website, delete all settings and add settings step by step. Also the webfilter livelog is a good tool for debugging.

     

    best regards,

    Jonas

  • Thanks for your quick reply, i have very less users in EXE deny category so i will install the cert manually on each pc, from where can i download the cert from UTM.

     

    Thanks

  • Web Protection -> Filteroptions -> HTTPS-CAs -> Download (PEM).

    You need to install the certificate via mmc trust -> trustet root.

    For maximum security, deploy the proxy certificate via gpo and scan/decrypt traffic from all clients of your network. It is great because you can control / secure everything (surf ports) of your network :)

  • Hi,

         i am facing many issues after installing the cert and decrypt scan, blocking the download is working fine, but many Apps stop working like , Google Drive sync, Zoom meeting, and there is no logs on firewall like Deny connection.

    please any suggestions.

Reply
  • Hi,

         i am facing many issues after installing the cert and decrypt scan, blocking the download is working fine, but many Apps stop working like , Google Drive sync, Zoom meeting, and there is no logs on firewall like Deny connection.

    please any suggestions.

Children
  • What happens if you replace "*.exe" with "exe" in your configuration?  Do you see the blocks in the log then?

    There are challenges with Google Drive Sync and Teams as those servers don't play nicely.  For example, do a Google on site:community.sophos.com/products/unified-threat-management teams.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • hello Bob,

    for each extension , i have  configured three type of  style like .exe *.exe and eze

    http websites  only can block the download but not Https.

    by using decrypt blocking extension work perfectly but

    some applications not working

    is there anyway to skip the specific website from decrypt scan.

    Thanks

  • This can be done with a Web Filtering Exception.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes, webfilter exception is the way to go. You need to learn that you need them for windows updates, software-updates, anti-virus database service and so on. Application control is another way to block services.