Hi,
I'm attempting to block the download of executables via ESET. One can find directions here: https://help.eset.com/ees/7/en-US/how_block_file_dwnl.html
So, say you want to block .exe files, you setup the URL mask as "*/*.exe". You need that extra "*/" in order to workaround some special domain handling behavior. This blocks any URL that ends in ".exe".
The problem I'm running in to is that the file blocking can be bypassed by simply appending a ? to the end of the link, essentially tacking on a dummy querystring. For example, "blah.com/file.exe" would be blocked. "blah.com/file.exe?test" would NOT.
One fix is to block "*/*.exe*". That works; it will block both examples above. But... it would also block "blah.com/about.exe.html".
Information on the URL mask wildcards can be found here: https://help.eset.com/ees/8/en-US/idh_dialog_epfw_url_address_list.html?idh_dialog_epfw_add_url_addr_mask.html
What I need to be able to do is escape the ? symbol, that way I could have two block rules: "*/*.exe" and "*/*.exe?*". The second rule would block any .exe file that is followed by a ?, then any other text. "blah.com/file.exe?test" would be blocked, "blah.com/file.execute.htm" would NOT.
Anyone know if this is possible? I already tried using a backslash to escape the ?, like so: "*/*.exe\?*". Didn't work.