
Google crx files being blocked as DLL files?

We intermittently get 'remote site not responding' across various sites - only when using Chrome. I can see against a user that a URL like the one below gets blocked on occasion:

http://r10---sn-aigllner.c.pack.google.com/edgedl/chrome/components/flash/ppapi/win/20.0.0.267/install.crx

If I visit this URL in a browser the appliance picks it up as a dll file-type and blocks it. I'm thinking this is why the sites 'don't respond'? Is there a way I can allow crx files through without having to permit dll download types? I've allowed c.pack.google.com through previously and google.com itself is wide open.

This particular URL was a problem this morning with a user completing a survey on SurveyMonkey, which is wide open through the appliance and is used all the time.

Thanks for any advice

Mark



This thread was automatically locked due to age.
  • Hi Mark,

    A .crx file is actually a zip file.  If you download it and look at the contents, this is what you see:

    $ unzip -l install.crx
    Archive:  install.crx
    warning [install.crx]:  306 extra bytes at beginning or within zipfile
    (attempting to process anyway)
    Length     Date   Time    Name
    --------    ----   ----    ----
    16792256  12-24-15 07:46   pepflashplayer.dll
        2045  12-24-15 07:46   manifest.json
    --------                   -------
    16794301                   2 files

    The .crx file you are downloading does contain a .dll file. If you want to prevent it from being blocked by your filetype policy, add the URL to the Local Site List and override the Risk Class to "Trusted". This prevents an Anti-virus scan from being done, and in turn the filetype detection is also bypassed.

    Hope that helps,

    Petr.
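
The `unzip` warning in the reply above comes from the CRX header (magic `Cr24`, version, lengths, key and signature) that sits in front of the ZIP data. The following is an added example, not code from this thread or from the appliance vendor: it measures that header and lists the archive members a filetype policy would see. The `FLAGGED_EXTENSIONS` list and the sample file are assumptions; the sample is constructed with placeholder 162-byte key and 128-byte signature fields so that its header is 306 bytes, the figure `unzip` reported.

```python
import io
import struct
import zipfile

FLAGGED_EXTENSIONS = (".dll", ".exe")  # assumed policy list for this example


def crx_header_length(data: bytes) -> int:
    """Return the number of bytes that precede the ZIP archive in a CRX file."""
    if len(data) < 16 or data[:4] != b"Cr24":
        raise ValueError("not a CRX file (missing Cr24 magic)")
    (version,) = struct.unpack_from("<I", data, 4)
    if version == 2:
        # CRX2: magic, version, key length, signature length, key, signature
        key_len, sig_len = struct.unpack_from("<II", data, 8)
        length = 16 + key_len + sig_len
    elif version == 3:
        # CRX3: magic, version, header length, then a protobuf header
        (header_len,) = struct.unpack_from("<I", data, 8)
        length = 12 + header_len
    else:
        raise ValueError(f"unsupported CRX version {version}")
    if data[length:length + 4] != b"PK\x03\x04":
        raise ValueError("no ZIP local file header after the CRX header")
    return length


def inspect_crx(data: bytes) -> dict:
    """List archive members and those matching the flagged extensions."""
    offset = crx_header_length(data)
    with zipfile.ZipFile(io.BytesIO(data[offset:])) as archive:
        names = archive.namelist()
    flagged = [n for n in names if n.lower().endswith(FLAGGED_EXTENSIONS)]
    return {"header_bytes": offset, "files": names, "flagged": flagged}


def build_sample_crx2() -> bytes:
    """Constructed sample: dummy key and signature, placeholder file contents."""
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w") as archive:
        archive.writestr("pepflashplayer.dll", b"MZ constructed placeholder")
        archive.writestr("manifest.json", b'{"name": "constructed"}')
    key, sig = b"\x00" * 162, b"\x00" * 128
    header = b"Cr24" + struct.pack("<III", 2, len(key), len(sig))
    return header + key + sig + payload.getvalue()


if __name__ == "__main__":
    print(inspect_crx(build_sample_crx2()))
```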

  • Thanks for the reply Petr - I didn't think to examine the file itself. I'll look into that today and report back!
  • Looking at my Local Site List, I'd previously added pack.google.com as a trusted site. If I do a search against a user today for hits on pack.google.com, I get these two hits in the same minute:

    cache.pack.google.com/.../install.crx - ALLOWED

    r10---sn-aigllner.c.pack.google.com/.../install.crx - BLOCKED (Policy)

    If I do a category lookup against pack.google.com it shows my trusted settings. If I then look up c.pack.google.com I get Search Engine and Low risk. I would have thought trusting pack.google.com was sufficient, hence my confusion. I've added it now and will monitor!

    Thanks
  • Mark,

    The Local Site List will include sub-domains only for entries that are just a domain; for example, a "google.com" entry will include anything at google.com, but a sub-domain entry will not include anything else. So pack.google.com will not include c.pack.google.com or any other URLs with something before pack.google.com. This is outlined in the Help here: wsa.sophos.com/.../

    Petr.