RE: MS ISA activeX Filtering
From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 10/05/04
- Previous message: Eric: "Re: Tool for removing LANMAN hashes from registry"
- Maybe in reply to: Casey DeBerry: "MS ISA activeX Filtering"
- Next in thread: Michael Marshall: "RE: MS ISA activeX Filtering"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 4 Oct 2004 15:52:33 -0700 To: "Paul Kurczaba" <paul@myipis.com>, "Casey DeBerry" <cdeberry@cobizinc.com>, <focus-ms@securityfocus.com>
Yes, ISA 2000 and ISA 2004 can both block those file types (or
mime-types).
As Paul pointed out, simply blocking those will also cause trouble for
legitimate sites (Windows Update, for instance).
Better that you review the ISA web proxy logs and determine where they
got it and block that site.
Jim Harrison
MCP(NT4/2K), A+, Network+
Security Business Unit (ISA SE)
"The last 10 years of Internet usage has disproven
the theory that a million monkeys typing on a million
typewriters would eventually produce the complete
works of Shakespeare. ..or maybe it only works for
typewriters..."
(unclaimed)
-----Original Message-----
From: Paul Kurczaba [mailto:paul@myipis.com]
Sent: Monday, October 04, 2004 11:52 AM
To: Casey DeBerry; focus-ms@securityfocus.com
Subject: Re: MS ISA activeX Filtering
I would filter the following file extensions: cab, ocx, and dll. These
are
used by ActiveX.
I don't know if ISA 2000 can block ActiveX. That would be kind of funny
though...One microsoft technology blocking another microsoft technology.
Note that if you block cab, ocx, and dll extensions, it will block the
legitimate Windows Update site as well as the Office update site.
-Paul
----- Original Message -----
From: "Casey DeBerry" <cdeberry@cobizinc.com>
To: <focus-ms@securityfocus.com>
Sent: Monday, October 04, 2004 11:41 AM
Subject: MS ISA activeX Filtering
Will MS ISA 2000 Server block ActiveX applications on its own? In other
words.. Users are unknowingly downloading the dowloader.MM trojan. My
AV
Software is finding and renaming/deleting it successfully, but I would
like
another layer of protection to keep the specific activeX application
from
entering the enterprise.
Do I need another add-on?
Thanks,
Casey
------------------------------------------------------------------------
--------------------------------------------
CONFIDENTIALITY NOTICE:
This e-mail contains confidential information and is intended only for
the
individual named. If you are not the named addressee, you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately if you have received this e-mail by mistake and delete this
e-mail from your system. E-mail cannot be guaranteed to be secure or
error-free as information could be intercepted, corrupted, lost,
destroyed,
arrive late or incomplete, or contain viruses. Neither the sender nor
CoBiz
Inc. and its subsidiaries accept liability for any errors or omissions
in
the contents of this message, which arise as a result of e-mail
transmission.
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Eric: "Re: Tool for removing LANMAN hashes from registry"
- Maybe in reply to: Casey DeBerry: "MS ISA activeX Filtering"
- Next in thread: Michael Marshall: "RE: MS ISA activeX Filtering"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
