ISA 2006
I block all users from downloading executable content. Our organization is small enough that I can handle any download request.
I have an Internet access rule that allows HTTP and HTTPS. The HTTP filter is configured to Block responses containing Windows executable content, and I have .exe as a prohibited extension. It has worked great for years.
Today I found that a user had downloaded an executable from Xerox eConcierge. It's just an update for the Supplies Assistant, not a problem. When I checked the logs to see how it got through, it didn't show up. I tried downloading it from a test machine, while monitoring ISA, and again it comes through unscathed. The site uses jsp and it seems it can initiate the download without using HTTP. Does the HTTP filter not work on secure connections? Is there a way to block executables coming in this way? This is the page with the download button:
Any help with this would be greatly appreciated.