How do you block Windows Live Messenger on the Cisco Web Security Appliance?

Question

How do you block Windows Live Messenger on the Cisco Web Security Appliance?

Environment

Cisco Web Security appliance (WSA) running AsyncOS 5.6.x and above, and Windows Live Messenger.

To be able to block Windows Live Messenger on the Cisco Web Security appliance (WSA), we must first make sure that direct Internet connections from users to external servers over TCP port 1863 are blocked. This is because Windows Live Messenger will try first to connect using this port, even if Microsoft Internet Explorer (IE) is explicitly configured to use a proxy.

If Windows Live Messenger is configured to inherit proxy settings from Internet Explorer, then it is possible to block this connection by matching its request using an HTTP user-agent string "Windows Live Messenger" and blocking HTTP protocol on the corresponding Access Policy.

Blocking Windows Live Messenger in Explicit Mode

Please follow the steps below.

1. Choose Web Security Manager > Identities and click Add Identity.
   
   Name : Windows Live Messenger
   Insert Above : Set to order 1
   Define Members by Subnet : Blank or Define a IP address range/subnet
   Define Members by Authentication : You may choose to use authentication to be able to log the requests by username
   Advanced : Click Advanced, then click None Selected for User Agents and under Custom User Agents type: Windows Live Messenger & then click Done
   
   Click Submit to configure this Identity.
   
   
2. Choose Web Security Manager > Access Policies and click Add Policy.
   
   Policy Name : Block Windows Live Messenger
   Insert Above Policy : Set to Order 1
   Identity Policy : "Windows Live Messenger"
   Advanced : None
   
   Click Submit to configure this Access Policy.
   
   
3. Choose Web Security Manager > Access Policies  and for the Access Policy "Block Windows Live Messenger", click (global policy) under Application.
   
   
4. Under Edit Applications Settings, choose Define Applications Custom Settings.
   
   
5. Under Protocol Controls > Block Protocols > select HTTP.
   
   
6. Submit and commit changes.

Blocking Windows Live Messenger using AVC

This is for AsynOS versions 7.1.x, 7.5.x and above with Application Visibility Controls (AVC) enabled.

The AVC engine on WSA has signatures to Identify the "Windows Live Messenger" application. We can use the AVC signatures to block Window Live Messenger traffic as well.

In this case, we do not need to create a separate access policy and Identity like above

To block Windows Live Messenger using AVC, please follow the below steps.

1. Click Web Security Manager > Access Policies.
   
   
2. For either Global Policy or any specific access policy, click the link under Applications.
   
   
3. Under Instant Messaging, configure Windows Live Messenger to Block.
   
   
4. Submit and commit changes.