According to this page: https://kc.mcafee.com/corporate/index?page=content&id=KB87568 to control web addresses and block some, on every browser the extension or add-on should be enabled locally! If it is true than it would be very funny in a network where using different browsers and internet connection are allowed. Is there any alternative way to block a specific web address using ENS? For example Firewall?
Thank you in advance.
Thank you for your post. Excellent question! McAfee cannot enforce browsers to enable our addons or plugins for web control as the browsers do not allow the same. Hence in the same referred KBA, we have provided solution for enabling extensions via Group Policy.
While Internet Explorer settings are pre loaded to your GPO, Other GP Policy objects can be obtained from the referred link in the KBA or from the browser support pages.
I sincerely hope this helps.
Thank you so much for your reply.
Actually asking the IT team to enforce such a policy in Active Directory for just controlling the Web while other brands are doing it in a much easier way does not seem very appropriate.
So I tried to solve this issue through firewall by adding a rule to block all connections to a specific FQDN address which is added to "Specify network" section in the policy, and Network protocol:Any, Transport protocol:All. And it worked!
I certainly understand the inconvenience here.
While this can be an excellent enhancement for our product, the work around you have implemented can be further narrowed down to just for browser based traffic if you mention the executables names (like firefox.exe, iexplore.exe, etc.). The major advantage of using web control is that you can control/ block traffic to specific categories of sites which is not achievable via Firewall.
Thank you for keeping us updated on what worked for you.