Block All Executable Files From Download and Upload

  • 4 January 2024
  • 6 replies
  • 273 views

Hi

I have created a rule to block download and upload of executables with

===========

Category : 138 categories

Activities: Upload, Download

Activity Constraint: Filetype = Binary and Executable

=========

but can't seem to get it working. 

Any advice?



Userlevel 6
Badge +16

Hello @munster ,

 

Can you provide a screenshot of your policy?  Do you see the uploads and downloads getting blocked at all?  Are they being detected in application events?  How are you testing the policy? 

Hi sshiflett

Pls see the config

I was testing these 2 links

a) https://2.na.dl.wireshark.org/win64/Wireshark-4.2.2-x64.exe (this is blocked)

b) https://download.microsoft.com/download/2/7/A/27AF1BE6-DD20-4CB4-B154-EBAB8A7D4A7E/officedeploymenttool_16731-20398.exe (this is NOT blocked)

 

From the application events, I can only see wireshark events.

 

Thanks

Munster

Userlevel 3
Badge +1

Because download.microsoft.com is in the exceptions by default.
How to fix:
1. Log into NS Console > Setting > Steering Configuration > Click the config you are using (for example, Default tenant config) > Exceptions > Filter Domains.
2. Open the exception and remove download.microsoft.com

 

My access was blocked after I made the above change.

 

Hi Ejang

Thanks for the info.

From Skope IT, where can I find out that it was due to an EXCEPTION?  There are so many settings.

Thanks

Userlevel 3
Badge +1

@munster 

You cannot see it in Skope IT, as traffic in exceptions doesn't go through the NS proxy.
So usually, when something is not working, the first thing you need to do is check the client debug log to see whether the traffic is being forwarded to the NS proxy. (If no relevant log is found, then the traffic is not forwarded to the NS proxy.)
To find the log, go to client icon > Save logs.

Userlevel 5
Badge +16

Or you can use the URL Lookup tool inside Profiles - Web to see if the destination is steered or not.
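
The check discussed in this thread, as an added example that is not part of any post and not Netskope's own matching logic: before testing a block policy, compare each test URL against a hand-copied list of steering exception domains to see which requests never reach the proxy. The list contents (apart from download.microsoft.com), the function names and the wildcard semantics are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample of steering exception domains, copied by hand from the
# console. Only download.microsoft.com comes from the thread; the wildcard
# entry is made up to exercise the matcher.
EXCEPTION_DOMAINS = ["download.microsoft.com", "*.bypass.example"]


def matching_exception(url, exceptions=EXCEPTION_DOMAINS):
    """Return the exception entry covering the URL's host, or None."""
    if "://" not in url:
        url = "//" + url  # let urlsplit parse scheme-less input as a host
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for entry in exceptions:
        pattern = entry.strip().lower()
        if pattern.startswith("*."):
            # Assumption: "*.example.com" covers subdomains only.
            if host.endswith(pattern[1:]):
                return entry
        elif host == pattern:
            # Exact match only, so look-alike hosts are not treated as exempt.
            return entry
    return None


def triage(urls, exceptions=EXCEPTION_DOMAINS):
    """Split test URLs into those expected at the proxy and those bypassed."""
    report = {"steered": [], "bypassed": []}
    for url in urls:
        hit = matching_exception(url, exceptions)
        if hit:
            report["bypassed"].append((url, hit))
        else:
            report["steered"].append(url)
    return report


if __name__ == "__main__":
    tests = [
        "https://2.na.dl.wireshark.org/win64/Wireshark-4.2.2-x64.exe",
        "https://download.microsoft.com/download/2/7/A/27AF1BE6-DD20-4CB4-B154-EBAB8A7D4A7E/officedeploymenttool_16731-20398.exe",
    ]
    result = triage(tests)
    for url in result["steered"]:
        print("steered  (policy can apply, events expected):", url)
    for url, entry in result["bypassed"]:
        print(f"bypassed (exception {entry!r}, no events expected):", url)
```

A URL reported as bypassed is a poor test case for the policy, because neither a block nor an application event will appear for it.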

 


