This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Filr Whitelist and Blacklist correct configuration with ZCM?

Good afternoon Filr community! I come to you to ask about good practices.
This time we have a client with Filr4.3.1.3 and ZCM 2020sp3.

The client has the following list configured in Filr:

As a result of this policy, users receive the following message reporting that the server administrator has restricted the download of files through Filr to the following applications:

What actions do you recommend taking in clients who have Filr+ZCM?.

I'll look forward to hear back from you community. THANKS!.

Hugs from ARG.

  • 0  

    I am not sure I understand the issue.  Are you saying that the above configuration is causing an issue for the Filr users?

  • 0   in reply to   

    Hey Bob!, how are you?. Thanks for asking!.I'm currently abroad. 

    Let me check the current status of this customer. I'll keep you posted.

    Hugs.,

  • Verified Answer

    +1  

    This is a toss up between ease of use for your users and security.  I tend to go on the side of security and have this set at a whitelist.

    I would suggest not having it set for Whitelist and Blacklist, because any executable that is not in the white list or blacklist the user will be asked if it can access the directory.  Users get confused and will call support, and are also not known for making the best of decisions.  You can imagine them being asked if ramsonware.exe can access the files, they will often say Yes.  Not the best outcome!

    If you have it set on blacklist (the default) only the applications in the black list will be blocked.  I have had anti virus companies changing the name of their executable between versions, a new antivirus coming out etc, so the executable is not in the blacklist.  Then there is a mass download because the executable is not blocked when it scans the directory.  Again consider a program ransomeware.exe (or whatever) that we do not have in the black list that will cause major issues.  But this is the setting to use if you want to make life easy for the users.

    I tend to go for a white list, and poputale the list with the common executables, ie office etc.  Only those, and nothing else, will be able to dynamically download files.  You need to train your users that if they can not open a file they either need to 1, make it offline then open it, or 2 let the administrator know what application they need adding to the white list.

  • 0   in reply to   

    THANKS for your tremendous feedback Robin!!!. Hugs Muscle