App Control Use Cases
690
SonicOS 5.8.1 Administrator Guide
To create a policy that uses this object and action, navigate to Firewall > App Rules and click
Add New Policy. Create a policy like the one shown below.
To test this policy, you can open a Web browser and try to download any of the file types
specified in the match object (exe, vbs, scr). Below are a few URLs that you can try:
http://download.skype.com/SkypeSetup.exe
http://us.dl1.yimg.com/download.yahoo.com/dl/msgr8/us/msgr8us.exe
http://g.msn.com/8reen_us/EN/INSTALL_MSN_MESSENGER_DL.EXE
You will see an alert similar to the one shown below.
ActiveX Control
One of the most useful capabilities of Application Control is the ability to distinguish between
different types of ActiveX or Flash network traffic. This allows you to block games while
permitting Windows updates. Prior to Application Control, you could configure SonicOS to block
ActiveX with Security Services > Content Filter, but this blocked all ActiveX controls, including
your software updates.
Application Control achieves this distinction by scanning for the value of classid in the HTML
source. Each type of ActiveX has its own class ID, and the class ID can change for different
versions of the same application.