We have a requirement to detect exe downloads. There are a couple ways I can think to do this.
Option 1...Catch HTTP get requests.. for files ending in exe. (Issue obviously being that the GET could be for jpg but ... Content-Type: application/octet-stream
Option 2.. try and catch MZ in the first x bytes. but there are some issues with gzip/chunked encoding etc..
What do you all recommend?
As Rangerlj told you, you can use the File Reputation function for detect some malwares using the GTI.
But if your requirements is strong, you should use McAfee Web Gateway, not NSP.