Blocking behavior for Internet applications, malware, and URL filtering

Article:HOWTO36948  |  Created: 2010-12-16  |  Updated: 2011-02-10  |  Article URL http://www.symantec.com/docs/HOWTO36948
Article Type: How To



Symantec Web Gateway can block file transfers, Internet applications, malware phone home attempts, and Web pages. You can configure blocking in the following types of policies:

Application control policy

You can allow, block, or monitor Internet access for applications with the application control policy settings.

See Configuring policies for Internet applications.

Malware policy

Malware includes spyware, viruses, worms, Trojan horses, botnets, keyloggers, and so on.

See Configuring policies for malware.

URL filtering policy

Symantec Web Gateway can block, monitor, or allow access to categories of Web sites. To block categories of Web sites, you must have the URL filtering license.

See Configuring URL filtering policies for Web sites.

See Installation checklist.

Blacklist

You can block file downloads by file extension using the blacklist.

See Blocking or monitoring file transfers using the blacklist.

See About policies.

Symantec Web Gateway can block file transfers, Internet applications, malware phone home attempts, and Web pages. The method that Symantec Web Gateway uses to block these activities depends on the source, action, and the policy that applies.

Table: Blocking methods

| Blocking method | Description | Examples |
| --- | --- | --- |
| End user blocking page | For downloads and URL access that a user initiates in a Web browser, Symantec Web Gateway displays an end user blocking page to block access. The requested action does not occur and the blocking page is displayed instead. | A user's computer is part of a malware policy. The user attempts to download a file using a Web browser. Symantec Web Gateway detects a virus in the file. Symantec Web Gateway displays a blocking page instead of allowing the file download. |
| File corruption | For file uploads in a Web browser and file downloads not in a Web browser, Symantec Web Gateway intentionally corrupts the contents of a file. Symantec Web Gateway corrupts the file to disable malware. | A user's computer is part of a malware policy. The user attempts to download a file using FTP. Symantec Web Gateway detects a virus in the file. The download proceeds. However, Symantec Web Gateway corrupts the contents of the file to disable the virus. |
| Interrupted connection | For malware phone home attempts, application control, and IM file transfers, Symantec Web Gateway interrupts the connection to block access. | A user attempts to use a peer-to-peer file sharing application that is blocked in an application control policy. The peer-to-peer file sharing application does not work for the user. The peer-to-peer file sharing application may display an error. |

If you configure Symantec Web Gateway in the port span/tap network configuration, it cannot provide the same level of blocking as the inline network configuration.

See About inline or port span/tap network configurations.

Table: Blocking behavior for policies

| Application | Application action | Policy | Browser patience page | Blocking method | Supported network configurations |
| --- | --- | --- | --- | --- | --- |
| Web browsers | Download .exe, .zip, .rar, .dll, and .cab files that are over 50,000 bytes | Antivirus scan from malware policy | Yes | End user blocking page | Inline only |
| Web browsers | Download file | Antivirus scan from malware policy | No | End user blocking page | Inline only |
| Web browsers | Download file | Blacklist block by file extension | No | End user blocking page | Inline and port span/tap |
| Web browsers | Upload file | Antivirus scan from malware policy | No | Corrupts the file | Inline only |
| Web browsers | Upload file | Blacklist block by file extension | No | End user blocking page | Inline only |
| Web browsers | Browse to URL | Malware or URL filtering | No | End user blocking page | Inline and port span/tap |
| FTP | Upload file or download file | Antivirus scan from malware policy | No | Corrupts the file | Inline only |
| Malware phone home | Any network activity | Malware | No | Interrupts connection | Inline and port span/tap |
| Applications available for application control | Any network activity | Application control | No | Interrupts connection | Inline and port span/tap. Some limitations for port span/tap as noted in Web GUI |
| IM applications | Upload file or download file | Application control | No | Interrupts connection | Inline and port span/tap. Some limitations for port span/tap as noted in Web GUI |
| IM applications | Upload file or download file | Antivirus scan from malware policy | No | Corrupts the file | Inline only |
| Applications that access the Internet, such as for software updates | Download file | Antivirus scan from malware policy | No | Corrupts the file | Inline only |
| Unknown Web browser applications | Download file | Antivirus scan from malware policy | No | Corrupts the file | Inline only |


Legacy ID: v29516519_v48507552

