07-03-2019 06:25 AM
We have Cisco Cloud Web Security
We have a filter set up that should block users from downloading .exe files from the internet. Under file types .exe is ticked
However, I've found that users can actually download .exe files
Thanks for your assistance
Solved! Go to Solution.
07-05-2019 07:07 AM
Sure, here you go - https://www.cisco.com/c/en/us/td/docs/security/web_security/scancenter/administrator/guide/b_ScanCenter_Administrator_Guide/b_ScanCenter_Administrator_Guide_chapter_010010.html
If you find it helpful please vote for the reply
07-08-2019 08:19 AM
Correct, HTTPS inspection filters can match categories/domains/IPs/applications. HTTPS inspection will be applied for the configured filters and CWS proxy will be able to identify exe files in inspected traffic. Such traffic will be matched by already configured web filtering rule to block exe file download.
Please note that HTTPS inspection policies/filters don't block anything. They just give CWS proxy engine visibility of content in HTTPS sessions. Web filtering policies apply actions (block/allow).
Only inspected traffic will be matched by the file web filtering policy for HTTPS. For instance, if you apply HTTPS inspection for only Gaming category file download will be blocked from HTTPS site with Gaming category only.
07-04-2019 11:39 PM
Hi there,
From your description, it may be caused by many reasons like:
1. Misconfigured web filtering rule;
2. Download was done via HTTPS without HTTPS inspection;
3. Download was done bypassing CWS service;
For initial troubleshooting I'd suggest you to check the following:
1. Is traffic for that download going via CWS? Do you see those exe download events in CW reports?
2. What webfiltering rule was applied to the traffic? Pasting the full link to the exe file into http://policytrace.scansafe.net should help to understand that.
Also, you can always open a TAC case to investigate the issue deeper.
07-05-2019 06:19 AM
Thank you - looks like we are not using https inspection
Do you have a link for turning https inspection on please ?
Many thanks for your help
07-05-2019 07:07 AM
Sure, here you go - https://www.cisco.com/c/en/us/td/docs/security/web_security/scancenter/administrator/guide/b_ScanCenter_Administrator_Guide/b_ScanCenter_Administrator_Guide_chapter_010010.html
If you find it helpful please vote for the reply
07-08-2019 07:37 AM
I've had a look at the document in the link - thanks for that.
I can see in ScanCentre that the https inspection filter has options for categories, domains, exceptions and applications, however it doesn't appear to have one for File Types
Therefore I'm not sure if I will be able to block access to .exe files being downloaded from https sites
Please can you advise ?
Many thanks
07-08-2019 08:19 AM
Correct, HTTPS inspection filters can match categories/domains/IPs/applications. HTTPS inspection will be applied for the configured filters and CWS proxy will be able to identify exe files in inspected traffic. Such traffic will be matched by already configured web filtering rule to block exe file download.
Please note that HTTPS inspection policies/filters don't block anything. They just give CWS proxy engine visibility of content in HTTPS sessions. Web filtering policies apply actions (block/allow).
Only inspected traffic will be matched by the file web filtering policy for HTTPS. For instance, if you apply HTTPS inspection for only Gaming category file download will be blocked from HTTPS site with Gaming category only.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide