Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 2 subscribers
  • Views 16057 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Google crx files being blocked as DLL files?

mark_elias

We intermittently get 'remote site not responding' across various sites - only when using Chrome. I can see against a user that a url like the one below gets blocked on occasion:

http://r10---sn-aigllner.c.pack.google.com/edgedl/chrome/components/flash/ppapi/win/20.0.0.267/install.crx

If I visit this URL in a browser the appliance picks it up as a dll file-type and blocks it. I'm thinking this is why the sites 'don't respond' ? Is there a way I can allow crx files through without having to permit dll download types? I've allowed c.pack.google.com through previously and google.com itself is wide open.

This particular URL was a problem this morning with a user completing a survey on survey monkey, which is wide open through the appliance and is used all the time.

Thanks for any advice

Mark



This thread was automatically locked due to age.
  • 0

    Hi Mark,

    A .crx file is actually a zip file.  If you download it and look at the contents, this is what you see:

    $ unzip -l install.crx
    Archive:  install.crx
    warning [install.crx]:  306 extra bytes at beginning or within zipfile
    (attempting to process anyway)
    Length     Date   Time    Name
    --------    ----   ----    ----
    16792256  12-24-15 07:46   pepflashplayer.dll
            2045  12-24-15 07:46   manifest.json
    --------                   -------
    16794301                   2 files

    The .crx file you are downloading does contain a .dll file.  If you want to avoid this from being blocked by your filetype policy, add the URL to the Local Site List and override the Risk Class to "Trusted";  This prevents an Anti-virus scan from being done and in turn the filetype detection is also bypassed.

    Hope that helps,

    Petr.

  • 0 in reply to PetrBenda
    Thanks for the reply Petr - I didn't think to examine the file itself. I'll look into that today and report back!
  • 0 in reply to mark_elias
    Looking at my Local Site List, I'd previously added pack.google.com as a trusted site. If I do a search against a user today for hits on pack.google.com, I get these two hits in the same minute:

    cache.pack.google.com/.../install.crx - ALLOWED

    r10---sn-aigllner.c.pack.google.com/.../install.crx - BLOCKED (Policy)

    If I do a category lookup against pack.google.com it shows my trusted settings. If I then look up c.pack.google.com I get Search Engine and Low risk. I would have thought trusting pack.google.com was sufficient , hence my confusion. I've added it now and will monitor!

    Thanks
  • 0 in reply to mark_elias
    Mark,

    The Local Site List will include sub-domains only for entries that are just a domain; for example a "google.com" entry will include anything at google.com, but a sub-domain entry will not include anything else. So pack.google.com will not include c.pack.google.com or any other URLs with something before pack.google.com. This is outlined in the Help here: wsa.sophos.com/.../

    Petr.
Unfiltered HTML