Blocking Unauthorized Files and Applications
As compliance for business, users must not access unauthorized applications and files. This will help to increase the productivity of every employee of a company.
For Unauthorized Files such as MP3s, AVIs, etc.
Symantec can only block specific filenames and file type extension. Smart users can bypass this blocking by renaming its file type extension.
Recommendation:
File types should be blocked using header file and not file type extensions.
For Unauthorized Applications such as Games, Instant Messaging etc.
Just like file blocking, only the file names and its hash values can only be blocked. The problem here is once the application has a newer version, it is very hard to manage all hash values.
Recommendation:
Symantec will automtically collect the newest version of the application and make a unique signature for daily update downloads.
Comments
Blocking Unauthorized Files and Applications
In actual fact, we can block the application by using the md5 hash too. File name is just an option.
Alan Lee
Principal Regional Product Manager, Enterprise Security Group, Symantec
My problem for MD5 value is
My problem for MD5 value is it is only recommended for 32 bit application. I have tried it with 16 bit application such as flash games and unfortunately it did not work. In addition, it is not recommended to use it especially when files have lots of md5 values such as MP3s, AVIs etc. That is why my recommendation is to block a file using its header file if possible.
Jomar Gonzales
I agree with the idea of
I agree with the idea of jomargonzales about the use of the header file instead of the file extension.
There are even some antivirus vendors that are already using this method.
Recommendation:
File types should be blocked using header file and not file type extensions.
Would you like to reply?
Login or Register to post your comment.