Article Applies To:

SonicWALL Security Appliance Platforms:

Gen5: NSA E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400 MX, NSA 240
Gen5 TZ Series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 Wireless,
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, 
Firmware/Software Version: SonicOS Enhanced 4.0 or higher
Services:  Application Firewall


Overview

The Application Firewall feature can be used to block the download of .exe files.  Follow the steps below to configure.

Resolution or Workaround

1. Create the Application Object of type ‘Custom’.  Using input type ‘hexadecimal’, add the following patterns into the object (or you can add these to a file which you can use with the “Load from File” Application Object option, so you do not have to type them in manually):

0d0a0d0a4d5a000002

0d0a0d0a4d5a500002

0d0a0d0a4d5a420002

0d0a0d0a4d5a900003

0d0a0d0a4d5a930001

0d0a0d0a4d5a000000

0d0a0d0a4d5a000001

 

2.  Create Application Policy of type ‘HTTP Server’ and use the above created object in this Application policy.  Use ‘Reset/Drop’ action if you want to block these or ‘No Action’ if you want to just log them.  Set direction of the policy as ‘incoming’ and save the policy:

When an HTTP download of an EXE file is blocked by the configured Application Firewall policy, you will see a log message like this: