I have MWG version 7.6.2 .
I imported a rule that blocks download of executable files .
However , some files are blocked as configured - but other .exe files are downloaded .
Does someone have an idea ?
I tested both links in my lab but was unable to reproduce a block, doesn't matter whether GTI lookups are enabled or not.
As Stefan has written, open a SR that Support can look at this.
Therefore, please open a normal SR and follow this KB:
Important information would be a feedback file (there we have the MWG, engine and DAT version and can test your configuration), screenshot of block message, error message from foundvirus log, rule trace (that we can see where the request is running through) and the password protected sample.
Please use the Rule Engine tracing for troubleshooting if the block rule got also executed and is not bypassed due to any other rule:
If you need help analyzing this behaviour file a support request and upload the data into this Service Request. Please do NOT post this confidential data here.