Most of you are probably aware of security risk with TLD like .zip or .mov.

We thought about technical ways to prevent accessing such TLD Domains. First things where:

Firewall → blocking those TLDs trough
DNS Server → redirecting such TLDs to a secure target or an internal one

Problem with this is: You only get protection for clients that are within the networks that those devices are protect. Whereas with Avast we could protect almost all client devices, especially those in home office and remote locations.
We have plenty of customer clients where this would be more efficient blocking via Avast Client…

Problem with URL blocking ist that something like *.zip will prevent downloads that are necessary.

Anyone else with an idea how to solve this issue with avast?

Maybe it is time for Avast to evolve the webshield with a small extra menue that is particular for this security risk!

For home office and remote locations you can active “Real Site” feature to ensure a good DNS resolution.

Yeah… maybe but as you probably know this feature is nothing for business users. We had problems with real site in the past with one customer… had to disable it then.
And we also have customers that use their device sometimes at home and sometimes in the company. This will rule out real site or at least will bring other problems with it.

How about using something like that: https://..zip/*

Other option is to use Web Control feature when available.