<div>
<div class="content wysiwyg-content">
I have set up two main HTTP access rules on my Forefront TMG server. The idea was to have a group of users who are allowed to download executable content, i.e. mainly ICT staff to download corporate applications and other authorised applications. The rest of the users were to be blocked from downloading content to prevent them from over utilizing bandwidth and downloading freeware / shareware that could cause issues on their computers.<br />
<br />
Even though the checkbox &quot;Block responses containing Windows executable content&quot; is unchecked for the authorised access rule and checked for the unauthorised group, I am not able to download executable content even though I am part of the authorised users.<br />
<br />
Secondly, I was wondering if there is a way to allow specific executable content for a few applications as an exception to the blocked executable content, that are used corporately and will require updates which come in the form of executable content e.g. Java and Adobe applications.
</div>
</div>


I have set up two main HTTP access rules on my Forefront TMG server. The idea was to have a group of users who are allowed to download executable content, i.e. mainly ICT staff to download corporate applications and other authorised applications. The rest of the users were to be blocked from downloading content to prevent them from over utilizing bandwidth and downloading freeware / shareware that could cause issues on their computers.

Even though the checkbox "Block responses containing Windows executable content" is unchecked for the authorised access rule and checked for the unauthorised group, I am not able to download executable content even though I am part of the authorised users.

Secondly, I was wondering if there is a way to allow specific executable content for a few applications as an exception to the blocked executable content, that are used corporately and will require updates which come in the form of executable content e.g. Java and Adobe applications.

Selective HTTP Filtering of Windows Executable Content in Forefront TMG

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.