Video Screencast Help

Blocking IE 8 but not IE 9 with ADC

Created: 27 Feb 2013 | 1 comment

What is the best way to distinquish between Internet Explorer 8 and Internet Explorer 9 so that I can effectively block IE 8, but allow the use of IE 9 with Application and Device Control in SEP. I don't think using checksum.exe and hashes will work will because of the multiple versions of IE 8 and IE 9 that exists (variations due to patches and such). Certainly using the process name or appliation path won't work because they are the same.

 Any ideas?

 Thank you in advance!

Operating Systems:

Comments 1 CommentJump to latest comment

Brɨan's picture

The best option would be to use hash blocking. I'm not sure there is an easier way with ADC. Does the hash actually change when IE is patched? I'm not sure iexplore.exe changes but only when new versions are released. Only files used by IE may change with a patch but not iexplore.exe.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.