PDF(7.4 KB) View with Adobe Reader on a variety of devices
Updated:August 12, 2014
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
How do you block Windows Live Messenger on the Cisco Web Security Appliance?
Cisco Web Security appliance (WSA) running AsyncOS 5.6.x and above, and Windows Live Messenger.
To be able to block Windows Live Messenger on the Cisco Web Security appliance (WSA), we must first make sure that direct Internet connections from users to external servers over TCP port 1863 are blocked. This is because Windows Live Messenger will try first to connect using this port, even if Microsoft Internet Explorer (IE) is explicitly configured to use a proxy.
If Windows Live Messenger is configured to inherit proxy settings from Internet Explorer, then it is possible to block this connection by matching its request using an HTTP user-agent string "Windows Live Messenger" and blocking HTTP protocol on the corresponding Access Policy.
Blocking Windows Live Messenger in Explicit Mode
Please follow the steps below.
Choose Web Security Manager > Identities and click Add Identity.
Name : Windows Live Messenger Insert Above : Set to order 1 Define Members by Subnet : Blank or Define a IP address range/subnet Define Members by Authentication : You may choose to use authentication to be able to log the requests by username Advanced : Click Advanced, then click None Selected for User Agents and under Custom User Agents type: Windows Live Messenger & then click Done
Click Submit to configure this Identity.
Choose Web Security Manager > Access Policies and click Add Policy.
Policy Name : Block Windows Live Messenger Insert Above Policy : Set to Order 1 Identity Policy : "Windows Live Messenger" Advanced : None
Click Submit to configure this Access Policy.
Choose Web Security Manager > Access Policies and for the Access Policy "Block Windows Live Messenger", click (global policy) under Application.
Under Edit Applications Settings, choose Define Applications Custom Settings.
Under Protocol Controls > Block Protocols > select HTTP.
Submit and commit changes.
Blocking Windows Live Messenger using AVC
This is for AsynOS versions 7.1.x, 7.5.x and above with Application Visibility Controls (AVC) enabled.
The AVC engine on WSA has signatures to Identify the "Windows Live Messenger" application. We can use the AVC signatures to block Window Live Messenger traffic as well.
In this case, we do not need to create a separate access policy and Identity like above
To block Windows Live Messenger using AVC, please follow the below steps.
Click Web Security Manager > Access Policies.
For either Global Policy or any specific access policy, click the link under Applications.
Under Instant Messaging, configure Windows Live Messenger to Block.