Can Push block file downloads?

Yes, you can configure Push to block unauthorized, risky, or unpermitted file downloads.

For example, you may wish to block or warn users when they attempt to download files from corporate apps that may contain sensitive information, or when attempting to download files in risky formats such as executables.

To enable this control, go to Controls > File download blocking in the Push admin console.

Create a configuration rule and set the Mode (Allow, Monitor, Warn, Block), the Scope (all employees, employee groups, or specific individuals; as well as which browser profiles the rule applies to), the Conditions (any file, file extensions, file names, or file name patterns; and the URLs or URL patterns where the download will be restricted).

Push provides common file types to select from, such as Windows and macOS executable formats, scripting files, documents with macros, etc.

In Warn or Block modes, you will also specify the page text that end-users will see when they attempt to download a file matching your conditions.

Webhook events will be emitted when the control is triggered so you can easily audit when employees were warned or blocked from downloading a file.

In Monitor mode, end-users will not be notified when a download is observed. Push will emit a control event to help easily validate the impact of a potential future blocking policy.

In Warn mode, a user’s download will be paused at the browser level and they will see your warn banner. The user will need to select the acknowledge button in the banner and the download will automatically resume.

In Block mode, a user’s download will be canceled at the browser level and they will see your block banner.

You can also choose to consume a telemetry stream of all file download events in your environment. See this related help article.

This feature is available on all browsers that Push supports, except Safari.