1 Reply Latest reply: Feb 6, 2013 11:03 PM by btlyric RSS

    Block Corrupt Media Rule

    iain.gardiner

      I am increasingly having files or functionality blocked due to this rule.

       

      The latest today is facebook messaging, extract from access denied log

      [06/Feb/2013:10:24:09 +0000]" " "403" "BlockReason: Media type blocked" "URL Categories: Social Networking" "Blocking Rule: Block Corrupted MediaTypes" "POST https://www.facebook.com/ajax/platform/unity/logging HTTP/1.1" "22" "URL Reputation: Minimal Risk" "Media Type: application/x-www-form-urlencoded"101 "User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)" "

       

      Can someone from McAfee confirm whether there is a known issue that is being worked on for a future release.

       

      I can't keep submitting service requests for each time this happens, especially for functionality from the likes of Facebook and Youtube.

       

      Meantime I think I will have to diable this rule.

       

      Thx in advance.....

        • 1. Re: Block Corrupt Media Rule
          btlyric

          I'm not from McAfee, but I can possibly validate your experience.

           

          I have a rule that triggers an alert on Corrupted Media Type, but doesn't block the traffic. To date, most of the alerts that I've seen are for PDF files. For example, in my environment, out of 1013 Body Corrupted identifications, 943 are related to PDF files.

           

          Out of the 70 that weren't triggered by PDF files, 32 were triggered by facebook.com URLs and the rest were various other domains.

           

          Did see a post from 2011 that stated that the PDF opener didn't like some specific feature/option and would trigger a Body Corrupted condition.