How to block EXE files downloaded via http websites using App Rules
06/29/2023
Description
The Application Firewall feature can be used to block the download of .exe files. This article shows the steps to configure it.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that differ from SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware.
Create Match Object:
- Click Object in the top navigation menu
- Navigate to Match Objects | Match Objects
- Click on Add and select Match Object Type as Custom Object
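Select hexadecimal as the input type representation, add the following patterns to the object, and click Save. To avoid typing them in manually, you can put the patterns in a file and load it with the Import option. Each pattern is the byte sequence 0d0a0d0a (the CRLF CRLF that ends the HTTP response headers) followed by 4d5a (the "MZ" magic that starts a Windows executable) and the next three bytes of the file header.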
- 0d0a0d0a4d5a000002
- 0d0a0d0a4d5a500002
- 0d0a0d0a4d5a420002
- 0d0a0d0a4d5a900003
- 0d0a0d0a4d5a930001
- 0d0a0d0a4d5a000000
- 0d0a0d0a4d5a000001
Create App Rule:
- Click Rules in the top navigation menu
- Navigate to Rules | App Rules
- Click Add, select HTTP Server as the Policy Type, and use the Match Object created above in this Application policy. Use the Reset/Drop action if you want to block these downloads, or No Action if you only want to log them. Set the direction of the policy to incoming and click OK to save the policy
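As an added example (not part of the original article or of SonicOS), the following Python script checks constructed HTTP responses against the seven patterns above, so the list can be validated against sample files before the rule is deployed. The function names, sample responses and result labels are assumptions made for illustration, as is comparing only the bytes at the end of the headers.

```python
# Added example: offline check of the Match Object patterns from this article.
PATTERNS = [bytes.fromhex(h) for h in (
    "0d0a0d0a4d5a000002", "0d0a0d0a4d5a500002", "0d0a0d0a4d5a420002",
    "0d0a0d0a4d5a900003", "0d0a0d0a4d5a930001", "0d0a0d0a4d5a000000",
    "0d0a0d0a4d5a000001",
)]
HEADER_END = b"\r\n\r\n"  # 0d0a0d0a: blank line that terminates the HTTP headers
MZ = b"MZ"                # 4d5a: magic at the start of a Windows executable


def classify_response(raw: bytes) -> str:
    """Classify one raw HTTP response against the article's seven patterns.

    Assumption: only the bytes at the end of the headers are compared.
    """
    end = raw.find(HEADER_END)
    if end < 0:
        return "no-mz"  # header terminator not present in this buffer
    window = raw[end:end + 9]  # CRLF CRLF plus the first five body bytes
    if window in PATTERNS:
        return "match:" + window.hex()
    if window[4:6] == MZ:
        # MZ body whose next three header bytes are not in the list:
        # a candidate for an additional pattern in the Match Object.
        return "mz-not-covered:" + window.hex()
    return "no-mz"


def build_response(body: bytes, content_type: str) -> bytes:
    """Build a constructed HTTP/1.1 response for testing (not captured traffic)."""
    head = ("HTTP/1.1 200 OK\r\n"
            f"Content-Type: {content_type}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


# Constructed sample bodies: only the leading bytes matter for the check.
SAMPLES = {
    "exe": build_response(bytes.fromhex("4d5a90000300000004000000ffff0000"),
                          "application/octet-stream"),
    "png": build_response(b"\x89PNG\r\n\x1a\n" + bytes(8), "image/png"),
    "odd_mz": build_response(bytes.fromhex("4d5a780001000000"),
                             "application/octet-stream"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:7} {classify_response(raw)}")
```

A result of mz-not-covered for a file you expect the rule to catch means its header bytes should be added to the Match Object as an extra pattern.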
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that differ from SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.
Create Match Object:
- Click Manage in the top navigation menu
- Navigate to Objects | Match Objects
- Click Add and select Match Objects from the drop-down
Create the Match Object of type Custom. Using input type hexadecimal, add the following patterns to the object and click OK to save. To avoid typing them in manually, you can put the patterns in a file and use the Load from File option.
- 0d0a0d0a4d5a000002
- 0d0a0d0a4d5a500002
- 0d0a0d0a4d5a420002
- 0d0a0d0a4d5a900003
- 0d0a0d0a4d5a930001
- 0d0a0d0a4d5a000000
- 0d0a0d0a4d5a000001
Create App Rule:
- Click Manage in the top navigation menu
- Navigate to Rules | App Rules
- Click Add, select HTTP Server as the policy type, and use the Match Object created above in this Application policy. Use the Reset/Drop action if you want to block these downloads, or No Action if you only want to log them. Set the direction of the policy to incoming
- Click OK to save the policy
When an HTTP download of an EXE file is blocked by the configured Application Firewall policy, you will see a log message like this:
Resolution for SonicOS 6.2 and Below
The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
Create the Match Object of type Custom. Using input type hexadecimal, add the following patterns to the object and click OK. To avoid typing them in manually, you can put the patterns in a file and use the Load from File option.
- 0d0a0d0a4d5a000002
- 0d0a0d0a4d5a500002
- 0d0a0d0a4d5a420002
- 0d0a0d0a4d5a900003
- 0d0a0d0a4d5a930001
- 0d0a0d0a4d5a000000
- 0d0a0d0a4d5a000001
Create an App Control Policy of type HTTP Server and use the Match Object created above in this Application policy. Use the Reset/Drop action if you want to block these downloads, or No Action if you only want to log them. Set the direction of the policy to ‘incoming’ and save the policy.
When an HTTP download of an EXE file is blocked by the configured Application Firewall policy, you will see a log message like this: