Hi community,
we are facing an issue with blocking executable files on our XG450 (18.5.1 MR-1-Build326). We´ve created a firewall rule for accesing the internet with HTTP and HTTPS scanning enabled and a custom web policy. The web policy is a copy of the default workplace policy with some additional url group entries for whitelisting purposes. So the file extension .exe should be blocked because the default file type list "Executable Files" is contained by the user activity "Risky Downloads" which is part of our web policy.
In all my testing in the past this set of rules worked as expected. Today I checked the Synchronized Application Control for new applications and found an entry named DownloadSponsor. After some research I found out that all users were able to download this particular .exe file.
To narrow this down I "hacked" my own PC and extracted the content header of this download with Wireshark:
HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 24 Sep 2021 07:18:40 GMT Content-Type: application/vnd.microsoft.portable-executable Content-Length: 4396960 Connection: keep-alive Content-Disposition: attachment; filename="SEPA ..berweisung Formular - Vorlage (PDF) - Installer _zpI0.exe"
Only after creating a custom file type list (using "Executable Files" as template) with the above Content-Type added and adding this to our web policy this download were blocked.
Is this a bug or feature, when downloads are not blocked although the filename contains the .exe extension when the related mime type is not specified in the file type list?
Thanks in advance
Markus
This thread was automatically locked due to age.