Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1674
Views
15
Helpful
5
Replies

Users can download .exe files - Cisco Cloud Web Security

Go to solution
jessicaday
Level 1
Level 1

‎07-03-2019 06:25 AM

We have Cisco Cloud Web Security

 

We have a filter set up that should block users from downloading .exe files from the internet.  Under file types .exe is ticked

 

However, I've found that users can actually download .exe files

 

Thanks for your assistance

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
opryluts
Cisco Employee
Cisco Employee
In response to jessicaday

‎07-08-2019 08:19 AM

Correct, HTTPS inspection filters can match categories/domains/IPs/applications. HTTPS inspection will be applied for the configured filters and CWS proxy will be able to identify exe files in inspected traffic. Such traffic will be matched by already configured web filtering rule to block exe file download.

 

Please note that HTTPS inspection policies/filters don't block anything. They just give CWS proxy engine visibility of content in HTTPS sessions. Web filtering policies apply actions (block/allow).

 

Only inspected traffic will be matched by the file web filtering policy for HTTPS. For instance, if you apply HTTPS inspection for only Gaming category file download will be blocked from HTTPS site with Gaming category only. 

 

View solution in original post

5 Replies 5

Go to solution
opryluts
Cisco Employee
Cisco Employee

‎07-04-2019 11:39 PM

Hi there,

From your description, it may be caused by many reasons like:

1. Misconfigured web filtering rule;

2. Download was done via HTTPS without HTTPS inspection;

3. Download was done bypassing CWS service;

 

For initial troubleshooting I'd suggest you to check the following:

1. Is traffic for that download going via CWS? Do you see those exe download events in CW reports?

2. What webfiltering rule was applied to the traffic? Pasting the full link to the exe file into http://policytrace.scansafe.net should help to understand that.

 

Also, you can always open a TAC case to investigate the issue deeper. 

Go to solution
jessicaday
Level 1
Level 1
In response to opryluts

‎07-05-2019 06:19 AM

Thank you - looks like we are not using https inspection

 

Do you have a link for turning https inspection on please ?

 

Many thanks for your help

0 Helpful

Go to solution
jessicaday
Level 1
Level 1
In response to opryluts

‎07-08-2019 07:37 AM

I've had a look at the document in the link - thanks for that.

 

I can see in ScanCentre that the https inspection filter has options for categories, domains, exceptions and applications, however it doesn't appear to have one for File Types

 

Therefore I'm not sure if I will be able to block access to .exe files being downloaded from https sites

 

Please can you advise ?

Many thanks 

0 Helpful

Go to solution
opryluts
Cisco Employee
Cisco Employee
In response to jessicaday

‎07-08-2019 08:19 AM

Correct, HTTPS inspection filters can match categories/domains/IPs/applications. HTTPS inspection will be applied for the configured filters and CWS proxy will be able to identify exe files in inspected traffic. Such traffic will be matched by already configured web filtering rule to block exe file download.

 

Please note that HTTPS inspection policies/filters don't block anything. They just give CWS proxy engine visibility of content in HTTPS sessions. Web filtering policies apply actions (block/allow).

 

Only inspected traffic will be matched by the file web filtering policy for HTTPS. For instance, if you apply HTTPS inspection for only Gaming category file download will be blocked from HTTPS site with Gaming category only. 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents