Allow File Download from certain URLs
Hello,
We have R80.20 and normally we don't allow downloading file types like "exe", "zip", etc. Therefore we created a Threat Prevention policy with the action "prevent (defined in a profile)". Now we want to define some URLs (as exceptions) where a file download is accepted and allowed.
Does anybody know how I can do this?
Thanks for any info.
Hi,
Please share an example.
Hi,
For example, I want to download the file "KeePass" (and later also files from other URLs) from the URL https://www.heise.de/download/product/keepass-15712
Therefore I need an exception for the domain "*.heise.de", because normally we deny downloading file types such as exe, zip, ...
I already tried to define an exception rule under the threat prevention rule (which blocks downloading certain file types); however, this doesn't work.
How can I implement this?
Thanks.
Hi,
You can create a custom application in order to allow those certain URLs. Please refer to sk103051 for download and guide.
Then, you can create an application for “.heise.de/download” with HTTP scenario:
After that, import the application into Smart Console and use it in a rule in the access policy on “allow”:
Since he's blacklisting exes in general in Threat Prevention, he probably needs to create specific indicators that are set to "Detect" or "Inactive".
This means creating an indicator file that contains the necessary domains you want to allow and importing it.
See: https://sc1.checkpoint.com/documents/R80.20/SmartConsole_OLH/EN/-_ktjOvSNsVDDJA210OA3g2.htm
Thanks for your answers. I will try it.
As I described, I also tried an exception under Threat Prevention. It seems that it works only with a regex for the domain heise.de and not with a wildcard definition.
So the regex .*\.heise\.de.* allows the download from the domain heise.de; however, the wildcard *.heise.de or *.heise.de* doesn't work. Is the syntax for the wildcard wrong? I don't understand why it doesn't work with a wildcard.
Thank you for the info. I will try it.
As I described in my last post, I tried to accept the download with an exception rule under the threat prevention rule (the rule which blocks all exe downloads). Now it seems that the rule works, but only if I write the URL as a regex and not as a wildcard.
So the regex works: .*\.heise\.de.* but not the wildcard *.heise.de or *.heise.de*. Is the syntax of the wildcard wrong? Is this also a correct way if I define a Threat Prevention exception?
Thanks.
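As an added illustration (not code from the thread or from Check Point), the Python sketch below evaluates the patterns quoted above under standard regex and shell-wildcard semantics, using the thread's download URL and three constructed URLs. It assumes the pattern is compared against the full URL string, since the page does not say how the gateway interprets the exception field; `HOST_ANCHORED` is a hypothetical tighter pattern.

```python
import re
from fnmatch import translate  # shell-style wildcard -> equivalent regex

# Patterns quoted in the thread.
THREAD_REGEX = r".*\.heise\.de.*"
WILDCARDS = ["*.heise.de", "*.heise.de*"]
# Hypothetical tighter pattern (not from the thread): fixes the scheme and
# requires heise.de to be the last labels of the host name.
HOST_ANCHORED = r"https?://([a-z0-9-]+\.)*heise\.de(:\d+)?(/.*)?"

# Sample URLs: the first is from the thread, the others are constructed.
URLS = [
    "https://www.heise.de/download/product/keepass-15712",
    "https://heise.de/download/",                  # bare domain, no subdomain
    "https://www.heise.de.example.net/setup.exe",  # heise.de is only a host prefix
    "https://example.net/get?ref=www.heise.de",    # heise.de only in the query
]

def is_valid_regex(pattern):
    """True if the string compiles as a regular expression."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False

def regex_matches(pattern, url):
    """Whole-string, case-insensitive regex match (assumed semantics)."""
    return re.fullmatch(pattern, url, re.IGNORECASE) is not None

def wildcard_matches(wildcard, url):
    """Whole-string match with shell wildcard semantics (* = any run)."""
    return re.match(translate(wildcard), url, re.IGNORECASE) is not None

def report():
    """Map each sample URL to the verdict of every pattern."""
    rows = {}
    for url in URLS:
        row = {"thread_regex": regex_matches(THREAD_REGEX, url),
               "host_anchored": regex_matches(HOST_ANCHORED, url)}
        row.update({w: wildcard_matches(w, url) for w in WILDCARDS})
        rows[url] = row
    return rows

if __name__ == "__main__":
    for w in WILDCARDS:
        print(f"{w!r} compiles as a regex: {is_valid_regex(w)}")
    for url, row in report().items():
        print(url, row)
```

Under these semantics, neither wildcard string is a valid regex (a leading `*` has nothing to repeat), and `*.heise.de` as a wildcard only matches strings that end in `.heise.de`, so it cannot cover a URL with a path. The thread's regex also matches the two constructed non-heise.de URLs and misses the bare domain, which the host-anchored form corrects.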