mekafir
Level 7

How to configure MWG to block malicious .EXE files or executables from malicious websites only?

People,

In the MWG console, how can I configure a rule to block executables from malicious websites only?

0 Kudos
3 Replies
asabban
Level 17

Hello,

Do you have an existing rule to block executables, or do you need to create a brand new rule?

Basically, you need to extend the rule that blocks executables with a criterion like "URL.Categories" contains "Malicious Downloads". A sample rule could look like this:

[Screenshot: 2016-03-10 09_06_46-McAfee _ Web Gateway - MWG7-1 - 10.140.184.111.png]

Best,

Andre

mekafir
Level 7

No, I do not have it at the moment.

So how do I create it from scratch?

Because last week my company was hit by the Cryptolocker virus and some users got infected.

0 Kudos
asabban
Level 17

You can create it as indicated above in my screenshot.

Anyway, I am not sure if this will help a lot. Generally, I would recommend completely blocking access to the categories "Malicious Websites" and "Malicious Downloads", so you deny access not only to executables but to everything that is malicious.

It would probably make sense to validate that your policy is correct and strict enough to avoid infections. I don't think adding that single rule above will help. You should ensure that all the important components work, e.g. SSL Scanner enabled, AV enabled, URL Filter enabled and blocking access to malicious categories, etc. As I don't know your policy, it is hard to make an assumption about what changes would have helped in such a case.

Best,

Andre

0 Kudos