diff options
| author | Luca Deri <deri@ntop.org> | 2024-01-29 11:37:04 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2024-01-29 11:37:04 +0100 |
| commit | ae501e2503f293ce1cdf7c240e7bc63887e359c5 (patch) | |
| tree | 457da5850d01ae3c8d4b68c282d49abb6868128d | |
| parent | 92c2ac5a0f14e4dc02de4c375d6e96aa3034b234 (diff) | |
Enhanced exception lists for binary application transfer
| -rw-r--r-- | src/lib/protocols/http.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 8360330cf..dd0508050 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -59,8 +59,13 @@ static void ndpi_set_binary_application_transfer(struct ndpi_detection_module_st char *msg) { /* Check known exceptions + https://learn.microsoft.com/en-us/windows/privacy/windows-endpoints-1909-non-enterprise-editions */ - if(ends_with(ndpi_struct, (char*)flow->host_server_name, ".windowsupdate.com")) + if(ends_with(ndpi_struct, (char*)flow->host_server_name, ".windowsupdate.com") + || ends_with(ndpi_struct, (char*)flow->host_server_name, ".microsoft.com") + || ends_with(ndpi_struct, (char*)flow->host_server_name, ".office365.com") + || ends_with(ndpi_struct, (char*)flow->host_server_name, ".windows.com") + ) ; else ndpi_set_risk(ndpi_struct, flow, NDPI_BINARY_APPLICATION_TRANSFER, msg); |