Best practice for allow some apps (Skype, Chrome) updates and block users to download exe

Forum|Forum|9 years ago
July 26, 2016
1 reply
7306 views

Good day.

What is the best practice for allow some apps (Skype, Chrome) updates and block users to download other execution (.exe, .bat, .msi etc) files?

I created DLP policy with block this files in all protocols, enabled deep ssl inspection and put these policies to web rule users access to Internet. But this rule blocked valid application updates...

SCSIraidGURU

New Member

I use a Windows Server Update Services server for Microsoft updates. Symantec Endpoint has its management server for updates. WSUS and SEPM servers save on bandwidth by downloading patches to one server and gives you granular control on allowing, denying or revoking Windows Patches and Updates that cause problems. I allow Adobe updates directly. Web filters should allow you to block exe files.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded