none
Whitelisting Local Drive Locations - Out-of-Date Activex Java Control Blocking RRS feed

  • Question

  • Greetings,

    We've had success in adapting and whitelisting trusted domains with the recent addition of IE blocking dated versions of Java.

    However, Cisco Securemail uses a attached .htm that a few agencies send to our associates that are opened locally on their PCs then authenticate to a service in the cloud-- these .htm files embed the use of Java. We can whitelist and authenticate fine to those services, but the initial local Java pop-up has proved troublesome.

    The following TechNet article touches on how to whitelist a local location, but it's specific to user profile andthe name of the file. http://technet.microsoft.com/en-us/library/dn761713.aspx. Is there a means of which to whitelist an entire directory of files and folders to avoid this? I've tried file:///C:/Users/ and file:///C:/Users/*" but haven't had any luck. I realize I could turn this off altogether, and that whitelisting C:\Users isn't very secure-- but we're really like to keep as much of this functionality in place as possible.


    JMHahn


    • Edited by JMHahn Monday, September 15, 2014 7:14 PM
    Monday, September 15, 2014 7:12 PM

Answers

  • Hi,

    you should have already set Internet Options>Advanced tab, check "Allow active content to run in files on my computer"?

    by default local web content using the file protocol maps to the Internet Zone and you cannot map it to domain white list as there is none.

    Your only respite is to update the client version of Java JRT installed.

    alternatively ,

    if the report was sent as a link to a html resource on an accessible domain instead of as an attachment, then you could white list that domain by adding it to your trusted sites list.

    Regards.


    Rob^_^

    • Marked as answer by JMHahn Tuesday, September 16, 2014 1:41 PM
    Tuesday, September 16, 2014 5:13 AM
  • These are typically sent as an attachment and not as an link to a resource on an accessible domain. It's still a simple work-around in either case-- we're just trying to prevent any extra prompts on the user's part.

    Ultimately I'd love to keep Java up to date, but we're hamstrung by a fairly important legacy app which won't work with newer versions of Java.

    Thank you very much for the information and your time, Rob!


    JMHahn

    Tuesday, September 16, 2014 1:41 PM

All replies

  • Hi,

    you should have already set Internet Options>Advanced tab, check "Allow active content to run in files on my computer"?

    by default local web content using the file protocol maps to the Internet Zone and you cannot map it to domain white list as there is none.

    Your only respite is to update the client version of Java JRT installed.

    alternatively ,

    if the report was sent as a link to a html resource on an accessible domain instead of as an attachment, then you could white list that domain by adding it to your trusted sites list.

    Regards.


    Rob^_^

    • Marked as answer by JMHahn Tuesday, September 16, 2014 1:41 PM
    Tuesday, September 16, 2014 5:13 AM
  • These are typically sent as an attachment and not as an link to a resource on an accessible domain. It's still a simple work-around in either case-- we're just trying to prevent any extra prompts on the user's part.

    Ultimately I'd love to keep Java up to date, but we're hamstrung by a fairly important legacy app which won't work with newer versions of Java.

    Thank you very much for the information and your time, Rob!


    JMHahn

    Tuesday, September 16, 2014 1:41 PM