Categories & Download Types

The Configuration > Group Policy > Default Policy > Categories & Download Types page allows you to configure how URL requests to sites categorized by content type and files categorized by download type are handled by the web appliance.

  1. Set the behavior that you want the web appliance to apply to each category listed in the Site categories section:
    • Allow: Lets users view sites of this classification.
    • Warn: Presents a warning to users that they are at risk of violating their organization’s web use policy, but allows them to proceed. Once a user has chosen to proceed, no warning page for that site will be displayed to that user for 30 minutes. If the site is in the Streaming Media category, proceeding will enable all streaming media for 30 minutes.
    • Block: Prevents users from viewing sites of this classification.
    Important Blocking Advertisements and Pop-ups also blocks content that appears behind interstitial pages, pages of advertising that appear prior to the loading of a requested content URL. In blocking these pages, the content that is behind them is also blocked.
  2. Allow user feedback from the notification pages by selecting this check box or remove this option by clearing it.

    This option applies to only low risk sites and to medium risk sites if they have been configured to be scanned.

    Note If this option is enabled, users’ requests from notification pages for site recategorizations or to allow downloading of file types or PUAs can be viewed in the Search > User Submissions pages.
  3. Select the download type controls that you want to apply.
    Note Download-type controls for Windows system files, Windows scripts, and Windows HTML App files are not supported in Endpoint Web Control.
    • Allow: Lets users download files of this type.
    • Warn: Presents a warning to users that they are at risk of violating their organization’s download policy, but allows them to proceed. A log entry is created when a user proceeds in possible contravention of the organization’s web use policy.
    • Block: Prevents users from downloading files of this type.
    Note The display of web appliance warning pages disrupts the playback of streaming media players, such as Windows Media Player, RealPlayer, and the QuickTime player. If you want to allow your users to play streaming media using any of these players, ensure that the Warn option is not selected.
    Important To enable access to Quicktime video with a warning displayed to users, set the Site category, "Streaming Media", with Warn enabled. Then set the Download type of "QuickTime Video (mov)" to Allow with Warn cleared. When users request a streaming QuickTime video URL, a warning page will be displayed, and when they click Proceed, the media stream will begin.
  4. Select the Sandstorm profile that you want to apply.
    • Send any suspicious files for analysis: all suspicious downloaded items will be sent for analysis in the Sophos Active Sandbox component of Sophos Sandstorm.
    • Exclude suspicious PDFs and documents: send all suspicious downloads for analysis in the Sophos Active Sandbox, except PDFs and other documents.
    • Do not send suspicious files for analysis: do not send any downloaded items for analysis, even if they are suspicious.
    Note The Sandstorm option is not available if you do not have a Sophos Sandstorm license.
  5. Block PUA Downloads from being downloaded by users by selecting this check box, or allow PUA downloads by clearing it.
    Note Specific PUAs can be allowed with this feature enabled by setting the exception on the Configuration > Global Policy > Download Options page.
  6. Click Apply.