
Is it possible to exclude file downloads from specific URLs in an ADC policy?


Article ID: 255593


Products

Endpoint Security Complete

Issue/Introduction

We have an application control policy that blocks executable file downloads for all browser types, based on file extension (exe, bat, zip, etc.).
Is there a way to exclude a specific URL from this block?

I have an ADC rule that blocks downloads for any browser. My question is, can I exclude a URL from this:

Rule name – block download

Environment

14.3 RU1 and later

Resolution

The short answer:

No. An ADC policy cannot define excluded URLs from which files with the blocked extensions may be downloaded.

The long answer:

This configuration is not possible because ADC policy rulesets have no setting that lets you define URLs whose downloaded files are excluded from the rule that blocks browser process access to downloaded files.
The only available exclusion option is "Do not apply to the following files and folders".
You can exclude file names with regular expressions. If you can force downloads from your trusted URL list to be renamed in every protected browser, for example to example_allowMe.exe, where "_allowMe" is the part added to example.exe, you can add *_allowMe* to "Do not apply to the following files and folders". After that, a file is downloaded only if its name matches this attribute. The attribute can be any string that can be kept secret.
Application exceptions cannot exclude certain URLs either; you can only exclude a whole process.
Excluding a URL from Network Threat Protection (the IPS feature) will not stop ADC from terminating browser access to files with the defined extensions.
Look for a way to rename files downloaded from trusted URLs. If that can be done with network devices or browser extensions, you will be able to achieve your goal.
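One way to do the renaming step in a Chromium-based browser extension, shown as an added example that is not part of the original article or Broadcom's own code. `TRUSTED_HOSTS`, `MARKER` and the function names are hypothetical, the host is a constructed sample, and whether ADC then permits the renamed file is an assumption to test in your own environment.

```javascript
// Added example. TRUSTED_HOSTS, MARKER and all function names are hypothetical.
const TRUSTED_HOSTS = new Set(["downloads.example.com"]); // constructed sample host
const MARKER = "_allowMe"; // the string excluded as *_allowMe* in the ADC rule

// Remove every case-insensitive occurrence of MARKER, repeating until stable so
// that a removal cannot splice a new marker together from the surrounding text.
function stripMarker(name) {
  const re = new RegExp(MARKER.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"), "gi");
  let prev;
  do {
    prev = name;
    name = name.replace(re, "");
  } while (name !== prev);
  return name;
}

// Trusted means HTTPS and an exact host match; no suffix or substring matching.
function isTrusted(downloadUrl) {
  try {
    const u = new URL(downloadUrl);
    return u.protocol === "https:" && TRUSTED_HOSTS.has(u.hostname);
  } catch (e) {
    return false; // unparsable URL is never trusted
  }
}

// Name to save under: the marker is added only for trusted sources, and is
// stripped from everything else so an untrusted site cannot supply a file
// name that already matches the ADC exclusion.
function markedFilename(downloadUrl, filename) {
  const clean = stripMarker(filename) || "download";
  if (!isTrusted(downloadUrl)) return clean;
  const dot = clean.lastIndexOf(".");
  return dot > 0 ? clean.slice(0, dot) + MARKER + clean.slice(dot) : clean + MARKER;
}

// Extension wiring (needs the "downloads" permission in the manifest).
// finalUrl is the URL after redirects, so trust is decided on the real source.
if (typeof chrome !== "undefined" && chrome.downloads) {
  chrome.downloads.onDeterminingFilename.addListener((item, suggest) => {
    suggest({ filename: markedFilename(item.finalUrl || item.url, item.filename) });
  });
}
```

Because the ADC exclusion matches on the file name alone, the stripping of the marker from untrusted downloads matters as much as adding it to trusted ones.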
