Blocking access to Messenger applications
Posted by Adrien de Croy (Import) on 10 October 2006 12:08 PM
We have found that blocking access to Messenger applications can be problematic due to the multiple connection methods that they use. If you block access to a URL or port they can fail-over to a secondary or tertiary connection method.|
The easiest way to stop your users accessing Messenger applications is to use the WinGate Internet Client (WGIC) on the client machines and the Central Config in the WinSock Redirector Service in WinGate. This way you can add the Messenger.exe file to the list of controlled applications and stop it from running at all on the client machines. There is no need to create any port blocking rules or URL bans as the application can't run so it can't connect.
To stop an application running on the client machines using the Central Config and the WGIC:
Install the WGIC on the client machines and make sure it connects to the WinGate server - for more information see the following knowledge base articles:
Configuring LAN clients to make a WGIC connection
Distributing the WGIC in an Active Directory environment
In GateKeeper open the WinSock Redirector Service on the System tab
Choose Central Config
Choose the user/group to apply the policy to
On the General settings tab set the default mode to MIXED
Ensure that CHECK THE CENTRAL APPLICATION LIST is checked
On the Applications tab click Add and enter the name of the executable (messenger.exe)
Set the mode type to APPLICATION TERMINATED
Ok your way out
The Messenger application will not be able to load on the client machines.
Please note that the Central Config menu is only available with an Enterprise license, so if you purchase a Standard or Professional license you will need to rely on port blocking and URL restrictions.
If you have any questions about this article please contact Qbik Support.