Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1024
Views
0
Helpful
1
Replies

IronPort S170 - Not Blocking Executable Content

isoffice1
Level 1
Level 1

‎05-23-2014 04:43 AM

Hi All,

We have a Cisco IronPort S170 (7.5.2-303 for Web) which controls Internet Access. The access policy in place is configured to block Executable Code. However, it has come to our attention that it is currently possible to download the GoToMyPC Software executable from a particular link. I should add that 99.5% of the time the Web Appliance does successfully block the download of executable content.

I examined the logs to see why this might be the case and found that the IronPort Web Appliance was categorising the response body MIME type of the executable as an image/gif as opposed to say, application/x-dosexec.

Could someone please suggest what may be the issue here and how we could go about addressing it?

Many thanks,

JP

Labels:
0 Helpful
1 Reply 1

isoffice1
Level 1
Level 1

‎05-30-2014 01:33 AM

Hi All,

We have resolved this issue. It turns out the problem lay in a misconfiguration in our Decrypt Policy. The GoToMyPC website had a WBRS which permitted it to pass through the appliance without scanning. Increasing the WBRS scanning range within the decrypt policy forced scanning of the content and the file download was identified and blocked.

 

John P

0 Helpful
Customers Also Viewed These Support Documents