Re: URLScan and an EXE File

From: FMac (fmac_at_urnerbarry.com)
Date: 07/09/03


Date: Wed, 9 Jul 2003 14:22:46 -0400


When I look at the log file that URLScan generates I see a lot of exe
attempts that are caught. I don't want to remove that extension for
everything. I was hoping that I could insolate one file and have it flagged
to be passed through.

Thanks for your response.

<Nick> wrote in message news:u$aCWUkRDHA.1552@TK2MSFTNGP10.phx.gbl...
> remove .exe from the [DenyExtensions] section
>
> then restart IIS and all should be good
>
> Nick
>
>
> "FMac" <fmac@urnerbarry.com> wrote in message
> news:OgQwCMjRDHA.2084@TK2MSFTNGP11.phx.gbl...
> > Is there anyway to allow a specified exe file to pass through the
URLScan
> > filter?
> > I am using an activeX control that needs to run a small .exe file on the
> > clients workstation in order for it to work. Is there something like
> > [AllowURLSequence] that possibly is undocumented? This is on a paid
> > permissioned site that all users would know the purpose of this update.
> > I am using URLScan 2.5 on a Windows 2000 Server running IIS5.
> >
> > Any ideas would be appreciated.
> >
> > Thanks,
> > Frank
> >
> >
>
>



Relevant Pages

  • Re: Trend C/S/M SMB on SBS2003
    ... Fixed - problem caused by UrlScan.ini (preventing CGI script from running) ... Tool and installed UrlScan 2.5. ... Since Trend Micro uses .exe to execute CGI, ... I don't like the idea of allowing the extension ".exe" to run on my web ...
    (microsoft.public.inetserver.iis)
  • Re: Trend C/S/M SMB on SBS2003
    ... Fixed - problem caused by UrlScan.ini (preventing CGI script from running) ... Tool and installed UrlScan 2.5. ... Since Trend Micro uses .exe to execute CGI, ... I don't like the idea of allowing the extension ".exe" to run on my web ...
    (microsoft.public.windows.server.sbs)
  • RE: URLScan
    ... I would NOT recommend opening up the .exe ... > extension. ... > reboot your server. ... > Subject: URLScan ...
    (Security-Basics)
  • Re: URLScan (and Demarc PureSecure)
    ... I added focus-ids to the recipient list - if you reply to this, and it's not related to Intrusion Detection, please remove that recipient. ... still have reservations when it comes to allowing .exe ... > on opeing up specific .exe's via URLScan. ... >>> knowledge of web servers and I'm not sure how I ...
    (Security-Basics)
  • Re: URLScan
    ... i know you can move and ACL critical system ... still have reservations when it comes to allowing .exe ... > on opeing up specific .exe's via URLScan. ... >> Do You Yahoo!? ...
    (Security-Basics)