speakerbox 3 Posted November 23, 2020 Share Posted November 23, 2020 Hi, We've applied a policy setting to block batch files from being downloaded using URL address management. Policy set as per: https://help.eset.com/eea/7/en-US/idh_config_epfw_scan_http_address_list.html I've added "*/*.bat" to list of blocked addresses. Now this seems to work fine on all browsers when the URL is HTTP but if the URL is HTTPS, it only seems to be blocked/working on IE. Chrome and Edge at least are not blocked and the user is able to browse the link ending .bat. SSL/TLS protocol filtering is enabled. Any idea why HTTPS URL blocking doesn't appear to work on Chrome and Edge? Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 4,909 Posted November 23, 2020 Administrators Share Posted November 23, 2020 Blocking by file extensions will not work if the extension is not at the end of url. Please provide an example of a url that wasn't blocked. Link to comment Share on other sites More sharing options...
speakerbox 3 Posted November 23, 2020 Author Share Posted November 23, 2020 Yes the link we're testing ends in bat: hxxp://www.cyberessentials.guru/guest/testfiles/hello2.bat This is where we see the problem between http which blocks fine and https which only blocks in IE which is strange. On the same browser on the pc if we change the above link to https it doesn't block on chrome or Edge. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,909 Posted November 23, 2020 Administrators Share Posted November 23, 2020 Blocking *bat should work. Link to comment Share on other sites More sharing options...
speakerbox 3 Posted November 24, 2020 Author Share Posted November 24, 2020 Yes that doesn't work i'm afraid. Still works fine if the link starts with HTTP and ends in bat but if it starts with HTTPS and ends in bat it doesn't do anything an allows the downloads. Link to comment Share on other sites More sharing options...
itman 1,627 Posted November 24, 2020 Share Posted November 24, 2020 Did you try to add a second exclusion for https://*/*.bat ? Link to comment Share on other sites More sharing options...
speakerbox 3 Posted November 24, 2020 Author Share Posted November 24, 2020 Yeah have also tried that, I don't think it's relating to the extensions i've added - it doesn't seem to intercept HTTPS traffic at all. Again, fine with HTTP. Link to comment Share on other sites More sharing options...
itman 1,627 Posted November 24, 2020 Share Posted November 24, 2020 (edited) I don't know what you are trying to do here, but a https URL for the web site doesn't exist: Edited November 24, 2020 by itman Link to comment Share on other sites More sharing options...
speakerbox 3 Posted November 25, 2020 Author Share Posted November 25, 2020 Sorry that was just a random URL, we've been using various URLS. For example: https://gallery.technet.microsoft.com/Turn-off-screen-4d173e0a/file/147696/1/Turn off Screen.bat I think I’ve manged to identify the problem however, completely bizarre but on my test PC – the HTTPS URL was only blocked after I cleared cache and cookies in Edge (I done this after testing InPrivate browsing which worked and blocked immediately). So I think ESET or Edge must have cached my test URL’s (Which I visited before adding the URL blocks) in some form and the act of clearing cache in edge resolved immediately. We confirmed this on another PC which had successfully visited the URL’s before I added the file extension, clearing cache then allowed the block to work immediately. Link to comment Share on other sites More sharing options...
Recommended Posts