I am trying to allow "Ad-aware SE" to access the internet. I have a rule that gives certain staff full internet access but "Ad-aware" will not update unless I give all users internet access. I have similar problems with a number of programs including one called "FTP commander". I also have a rule further up the list to block some users and if this is on it blocks Ad-aware even if I have given the all users group full access. I know I must be doing some thing wrong but I'm not sure what! Any help would be appreciated.
There is an order in which ISA access rules are processed. Basically rules are processed from top to bottom. That is why the default rule is at the very bottom to deny all traffic that doesnt match any rules defined.
YOu need to see what protocols are used by your apps to update (most certaintly http and possibly ftp) and then ensure traffic to those destinations aren't blocked. Obviously check the destinations to ensure they are legit sites you trust. Then create rules with the correct source/destination and user objects to ensure its not blocked.
You also need to note the permissions of the end users that are running these apps that are tring to self update. Some apps check to see if the user has local admin rights and if not, they terminate. Therefore, even if your access rules are correct, they wont even try to access the updates sites. Check ISA logs to ensure the clients are trying to access the updates
P.S. It doesnt hurt to read manuals you know ;-) Gives more of an incentive for the forum readers to answer if they see the question poster is making an effort themselves.
The rule does not work no matter where I put it, top, bottom or middle. I am trying to do the updates on a computer that I have logged on to as the domain admin, so there should be no problems with user permissions.
I have been on an ISA course, I have read some books (including manuals) and looked on the web (isaserver.org etc), and I still don't think that ISA is as easy and intuitive to use as other firewalls I have used. This post was a last resort having exhausted all other avenues so thanks for your help.
If it makes you feel any better, I have the same problem with Ad-aware, as well as a few other programs / sites. If I try coding Ad-aware to use a proxy server with user authentication, it fails every time. The only way I've gotten around this is to allow All Users access to *.lavasoft.com
I have the same issue with UPS and DHL. Our company uses their WorldShip and SwiftShip software respectively and we can't connect to their servers for updates or to send manifests. Once again, if I add proxy information to their software, it won't authenticate any of my users. I have to Allow all users access.....and all outbound traffic.