Back=right mouse click.
HTTP > Applets and ActiveX > Policies | Policy | ActiveX Security Rules
IWSVA Applets and ActiveX security allows you to block, at the HTTP gateway, and on behalf of all clients in the LAN, Windows cabinet and Portable Executable file types. IWSVA uses the file's true type rather than relying on the text filename extension.
Note: If you have notifications enabled (Notifications > Applets and ActiveX Instrumentation), clients will receive a message each time a file of the specified type is blocked.
Block all cabinet files—Select this option to prevent LAN clients from downloading Windows .CAB files. (.CAB files are not included in the virus scan compressed file blocking on the Virus Scan Policy page.) SHOW ME>>
Allow all cabinet files—Select this option to have IWSVA ignore Windows .CAB file downloads.
Verify signatures—Select this option to prevent LAN clients from downloading Windows .CAB files if:
Block unsigned—The IWSVA Signature Validation check finds that the ActiveX file is not signed.
Block flagged certificate(s)—The IWSVA Signature Validation check finds that the ActiveX file's certificate is flagged.
Block unprocessable—The IWSVA Signature Validation check finds that the ActiveX file's certificate is not valid.
If you have a virus scan policy that enables file blocking (Java, Executables), that policy takes precedence over PE file blocking (a subset of the "Executables" category). SHOW ME>>
Block all PE format files—Select this option to prevent LAN clients from downloading Windows COM objects, including .ocx, .exe, and .dll files.
Allow all PE format files—Select this option to ignore PE file downloads.
Verify signatures—Select this option to prevent LAN clients from downloading PE files if:
Block unsigned—The IWSVA Signature Validation check finds that the PE file is not signed.
Block flagged certificate(s)—The IWSVA Signature Validation check finds that the PE file's certificate is flagged.
Block unprocessable—The IWSVA Signature Validation check finds that the PE file's certificate is not valid.
Note: The Note field in the ActiveX Security Rules tab is the same Note field found in the Java Applet Security Rules tab. Therefore, when you make a note in one tab screen, it appears in the counterpart tab screen. Trend Micro recommends that when you make a note, you identify it as either a Java Applet Security Rules note or an ActiveX Security Rules note. For example: - Applet rules created by <ABCD> on <2345> - ActiveX rules created by <DFGH> on <6886>
