4 Replies Latest reply on Dec 6, 2013 2:47 PM by cryptochrome

    Application Control / Filtering




      how does Application Filtering work in concert with URL-Filtering? Say you have an application filtering rule that allows certain Facebook functions and blocks others, while at the same time you have a URL-Filter rule that blocks Social Media sites. That rule would completely block Facebook.


      I figure it all depends on rule placement.


      How does it work? What's best practice?



        • 1. Re: Application Control / Filtering
          Jon Scholten

          Hi cryptochrome,


          At the moment, application controls are only designed for blocking applications.


          They are not designed for allowing applications -- be it as a whole or a specific subset.


          So your scenario will not work, where you attempt to allow facebook with application control, and then are blocking Social networking.




          • 2. Re: Application Control / Filtering

            I just opened a support case regarding this type of issue.  Is this on the roadmap?  Having an application definition that is only useful for blocking is difficult.  I guess it is always easier to break something, then make it work.


            Regarding Facebook specifically, the akamai content domains are not included.  Regarding main applications I can't imagine a whole lot of change to those definitions.  They have their domain(s) + TLD and they pretty much stay the same.  Content sites for them may change more often, but has McAfee even attempted to see how much work it is?

            • 3. Re: Application Control / Filtering
              Jon Scholten

              You are correct in that it is easier to break something that to make it work.


              I am not certain of how much work it is. PM (Product management) would probably have a better idea of what research went into that.




              • 4. Re: Application Control / Filtering

                I am really wondering where McAfee is headed with this. If I compare this to other vendor's solutions (namely Palo Alto Networks), then McAfee doesn't even come close. No offense, but it looks more like a "we have it too" feature than something that has really been thought through. Are there any PMs on this forum who could give us some food?