Block all cabinet files—Select this
option to prevent LAN clients from downloading Windows .CAB files. (.CAB
files are not included in the virus scan policy option to block compressed
files).
Allow all cabinet files—Select this
option to have IWSVA ignore Windows .CAB file downloads.
Verify signatures—Select this option
to prevent LAN clients from downloading Windows .CAB files if:
Block invalid—The IWSVA Signature Validation
(HTTP > Settings > ActiveX Executables) check finds that the ActiveX
file's certificate is not valid.
Block unsigned—The IWSVA Signature Validation
check finds that the ActiveX file's certificate is not signed.
Portable executable (PE) files—If you
have a virus scan policy that enables file blocking (Java, Executables),
that policy will take precedence over PE file blocking (a sub-set of the
"Executables" category).
Block PE format files—Select this option
to prevent LAN clients from downloading Windows COM objects, including
.ocx, .exe, and .dll files.
Allow
PE format files—Select this option ignore PE file downloads.
Verify
signatures—Select this option to prevent LAN clients from downloading
PE files if:
Block invalid—The IWSVA Signature Validation
check finds that the PE file's certificate is not valid.
Block unsigned—The IWSVA Signature Validation
check finds that the PE file's certificate is not signed.
Enforce policy for all signed PE format executables
(not just ActiveX/COM objects)—When selected, all PE files will
be scanned, not just COM objects of which ActiveX controls are a subtype.
Note that this may affect performance.