Appendix — File Edit Block
The Workspace Windows Client 7.2.0.1099 fixes the Download restriction policy bypassed via Save As in the browser by introducing the File Edit Block policy. This strengthens the enforcement of file protection by preventing target applications from overwriting existing files when the File Edit Block policy is enabled.
Note
File Edit Block is a sub-feature of Download Block in AppControl. If Download Block is not configured, File Edit Block will not function — even if it is configured on the gateway. Both Download Block and File Edit Block apply only to processes listed in the createFileW rule blocks of RuleDigest.txt. Processes not listed are automatically exempted from both policies.
Supported Client Platforms & Gateway Compatibility
This enhancement is supported on the following client modes and types with HySecure Gateway versions 5.4 SP6, 7.0, and above:
| Supported Client Modes and OS | 5.4 SP6 | 7.0 | 7.1 and above |
|---|---|---|---|
| Full Admin Client and Workspace OnDemand Client on Windows 10, 11 OS Supported | Yes | Yes | Yes |
| Hybrid mode | Yes | Yes | Yes |
| HyLite mode | No | No | No |
| On-Demand Client | Yes | Yes | Yes |
Gateway Configuration
To enable the File Edit Block on the gateway:
- Upload
rulefile.txtto/home/fes/publicwith appropriate permissions. - Enable Launch App Control on the HySecure gateway: Policies > Client Profiles.
- To apply the policy to specific users, add the File Edit Block tags to a custom profile policy.
- To apply the policy to all users and groups, add the following tags to
defaultclientsettings.jsin/home/fes/public:
| Tag name | Tag value | Remark |
|---|---|---|
| FILE_EDIT_BLOCK | true | Enables the File Edit Block |
| FILE_EDIT_BLOCK | false | Disables the File Edit Block |
| FILE_EDIT_BLOCK | null/empty | Disables the File Edit Block (default) |
| FILE_EDIT_BLOCK_BYPASS_LIST | Example: wordpad.exe | Comma-separated list of applications excluded from the File Edit Block |
Client Behavior After Login
After the gateway configuration is complete:
- Install Workspace Windows Client 7.2.0.1099 on the target system.
- Log in to the client.
- Any attempt to overwrite or save over an existing file using a target application and extension listed in the
createFileWrule block ofrulefile.txtis blocked.
Example: Notepad.exe with the .txt extension is listed in rulefile.txt for the createFileW rule under HySecure 7.x series. An attempt to overwrite an existing.txt file using Notepad is blocked. An attempt to run wordpad.exe is not blocked because it is on the bypass list.
Troubleshooting
To investigate File Edit Block issues:
- Check
uaclogs.log at %temp%\Accops. - Check the debug view logs.
- Check the
ruledigest.txtdownloaded to%temp%\Accopsto verify the active rules.
Known limitations
Refer to the known issues table for File Edit Block limitations (bug IDs 69480, 69482, 69515, 69569, 69570).