Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IronPort S170 - Not Blocking Executable Content

Hi All,

We have a Cisco IronPort S170 (7.5.2-303 for Web) which controls Internet Access. The access policy in place is configured to block Executable Code. However, it has come to our attention that it is currently possible to download the GoToMyPC Software executable from a particular link. I should add that 99.5% of the time the Web Appliance does successfully block the download of executable content.

I examined the logs to see why this might be the case and found that the IronPort Web Appliance was categorising the response body MIME type of the executable as an image/gif as opposed to say, application/x-dosexec.

Could someone please suggest what may be the issue here and how we could go about addressing it?

Many thanks,

JP

1 REPLY
New Member

Hi All,We have resolved this

Hi All,

We have resolved this issue. It turns out the problem lay in a misconfiguration in our Decrypt Policy. The GoToMyPC website had a WBRS which permitted it to pass through the appliance without scanning. Increasing the WBRS scanning range within the decrypt policy forced scanning of the content and the file download was identified and blocked.

 

John P

227
Views
0
Helpful
1
Replies