From: Amazon, Brazil
you have to create two access rules:
User A will be able to use yahoo messenger but cannot download any EXE files.
Configure http filter to block executable files or just the .exe extension. To do that right click on the access rule, choose Configure HTTP Filter. On General tab you can mark Block reponses containing Windows executable content. Or go to the Extensions tab and choose Block specified extension (allow all others). Add the exetension you want to block.
User B will able to download EXE file but not able to use yahoo messenger.
Use the http filter to block yahoo messenger signature. Search in: Request headers HTTP header: Host Pattern: msg.yahoo.com
From: New Jersey
Pretty basic - you create 3 access rules for Yahoo IM, Access is by a domain group "YIM Users" for web (http, etc), Access is by domain group "EXE Downloaders" for web (http, etc); enable the filter to block EXE, Access is either All Users or Authenticated Users, depending on your needs
User A is a member of "YIM Users" group User B is a member of "EXE Downloaders" group
You'll need to define the proper protocols for Y! Messenger access, as they aren't in ISA by default.
The idea is that you permit specific traffic for specific user groups, then permit traffic for larger groups, then for all groups, then deny everything else - rules are defined most to least specific.