Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Enhance Block Override feature capabilities

Currently, the block override doesn't allow override of file extension blocks, as well as others, but it would be useful to optionally allow more granular control over where it does and does not work. For example:

>> Allow file extension or MIME type blocking
>> Allow files larger than the maximum download size
>> Prohibit some content categories from being overridden. For example, "Job Search" is blocked but can be overriden, but Nudity is blocked and cannot be overridden.

--- Original Request ---
There should be a button, when extension blocking blocked a file, that admins can click on and still download the file.
exe files as an example. Prevent normal users from downloading exe files while admins can download them. I download stuff von Vmware and Veeam regularly. Some of it are exe files. Right now it is simply to much of a hassle to have to go into the web gui and either exclude exe files from being blocked or haven to activate / deactivate an exception all the time.

1 vote
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Thomas SchönfeldThomas Schönfeld shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Alan ToewsAdminAlan Toews (Admin, Sophos Features & Ideas Laboratory) commented  ·   ·  Flag as inappropriate

        Hi Thomas,

        There are already ways to implement the goal you outlined, but more granular control of the existing block override feature would make some sense. Currently, it doesn't allow override of file extension blocks, but it would be useful to optionally allow only select content categories to be overridden, as well as allow file extension or MIME type blocking to be selectively overridden by some users. As such, I'll modify the feature request, rather than mark it as already possible.

        In your specific use-case, you do have some options now. You can create a different filter assignment for admin users than for other users, which does not block executable files. In 9.200, you can supplement this by changing the action to warn, so admins are warned when downloading executable files, but can still proceed. Other users could still be blocked by their filter profiles.

        If you're not using authentication, you can also create an exception from file extension blocking for selected workstations, by IP address. Either of these options allows you to implement the scenario you are asking.

      Feedback and Knowledge Base