How can we help?

EXE and MSI files can still be downloaded despite blocking them

Follow

Summary

Despite a Policy stating that MSI and EXE files should not be downloadable, they can be in some cases. For example, the client is able to download Chrome.exe even if the EXE file download is blocked. This occurs when the client adds certain headers to the Policy, allowing Chrome and Mozilla to be downloaded.

image-20240318-093800.png

Solution

The reason the googlechrome.exe download is not blocked is because the google.com request header will match before an 'extension' match is found for the same URL.  
 
The recommended way to resolve this issue is to use a 'Proceed To List' rule.

1. Create a List with these entries 

*  -->  default list action → “add the header”.exe --> Deny.msi --> Deny

2. Add a Policy to the Local List and set the action to Proceed to the List created at the top.

As always, it is recommended to test your new rule after implementation.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request