carmik 0 Posted September 19, 2022 Posted September 19, 2022 On our Endpoint Security 9.1 clients we wish to have all outbound web traffic blocked by default, with only certain URLs/groups allows. How can I implement a default block-all rule in web control?
Administrators Marcos 5,453 Posted September 19, 2022 Administrators Posted September 19, 2022 You could create a url-based rule to block everything (*) and then put permissive category-based rules above it. However, remember that parts of websites may be loaded from CDNs or other sites. Also the operating system itself may try to download files from servers not whitelisted by the permissive rules.
carmik 0 Posted September 19, 2022 Author Posted September 19, 2022 1 hour ago, Marcos said: You could create a url-based rule to block everything (*) ... Can't make this step happen, that's the problem. I've created a single rule (which is a block-all one) like this one: ΅What am I missing?
Administrators Solution Marcos 5,453 Posted September 19, 2022 Administrators Solution Posted September 19, 2022 I was wrong. However, I've tried this and it worked: 1, Create a permissive category-based rule with categories you want to allow 2, Create a blocking category-based rule with a group containing all categories
carmik 0 Posted September 20, 2022 Author Posted September 20, 2022 Just got time to re-visit this. Before going on I've stumbled into a passage of text in https://help.eset.com/ees/9/en-US/idh_page_setting_parental.html stating that: [quote]In case you want to block all webpages and leave only certain available, use URL address management.[/quote] The answer is in https://help.eset.com/ees/9/en-US/idh_config_epfw_scan_http_address_list.html and I must say this is an elegant one (but rather hidden in an obscure place). Will try it and get back.
carmik 0 Posted September 20, 2022 Author Posted September 20, 2022 (edited) Yep, that did the trick! EDIT: Come to think of it, this a solution to a different problem. Ie having a block all web policy and nothing else (either no allow pages or a very small number). @Marcos's response is more on par with the OP problem. EDIT2: Approach seems to be blocking windows upates. Dang! Edited September 20, 2022 by carmik
carmik 0 Posted September 20, 2022 Author Posted September 20, 2022 Under which category in web control do windows updates fall?
Administrators Marcos 5,453 Posted September 20, 2022 Administrators Posted September 20, 2022 11 minutes ago, carmik said: Under which category in web control do windows updates fall? *.microsoft.com falls under these categories: Productivity Business Software Windows I assume you should be able to create a url-based permissive rule allowing "microsoft.com" (without wildcards) and put it above the blocking rule.
Recommended Posts