Showing results for 
Search instead for 
Did you mean: 
Level 7

Malicious exe download detection

We have a requirement to detect exe downloads. There are a couple ways I can think to do this.

Option 1...Catch HTTP get requests.. for files ending in exe. (Issue obviously being that the GET could be for jpg but ... Content-Type:                                 application/octet-stream

Option 2.. try and catch MZ in the first x bytes.  but there are some issues with  gzip/chunked encoding etc..

What do you all recommend?

0 Kudos
2 Replies
Level 7

Re: Malicious exe download detection

U can test GTI..Maybe GTI can help you ...

0 Kudos
Level 9

Re: Malicious exe download detection

As Rangerlj told you, you can use the File Reputation function for detect some malwares using the GTI.

But if your requirements is strong, you should use McAfee Web Gateway, not NSP.

0 Kudos