So you mean to say Downadup cannot be detected by Symantec Web Security? All I want is that, before Downadup enters our network, it is filtered, so that it will not propagate into our internal network. Does Symantec have a solution like this? If you say that Downadup came from a shared file, yes, that is possible, but why is Downadup detected in Temporary Internet Files? Any suggestions for blocking Downadup at the firewall level? The number of Downadup detections on our network is more than a hundred thousand; even though SEP can detect it, it cannot block it.