Hey guys,
I really hope someone can help me out with this. I had been working with customer and TAC for 2 months on this and I feel we are little further than back when we started. Here is the requirement and the current situation:
-requirement is to have specific users block from downloading say msi or exe files, but still allow those PC to do windows updates regularly and when file downloads are blocked, its a MUST to have block poage displayed, because client does not want users constantly opening help desk tickets wondering why this is failing
TAC had so far asked us to check the following:
-make sure strict hold is enabled (set to 1) in malware_config file in $FWDIR/conf dir, which it is
-apply sk116022, which we did
-have jumbo 99 installed, also completed
Essentially, say when we go to putty.org (which I also tested in my own lab), and try msi or exe download, yes, block page does work, BUT, if you say go to google.com and google "google chrome download" and try to get the file, its blocked, but block page NEVER comes up. TAC has also built the lab for this, but appears even in their lab this is very inconsistent.
Has anyone ever done this successfully? I would have hard time believing this does not work as intended, unless its due to some weird redirect.
For what its worth, ssl inspection blocking is fine, never an issue. We initially tried using content awareness for it, but since it kept failing, we simply gave up on it. Also, TAC gave me custom fix from R&D for jumbo 99, but sadly that did not improve the situation.
Thanks again for help, as always!
Andy