Allowing Executables for Software Updates
I'm wondering how everyone else is managing allowing programs to download executables so they can auto update (Java, Adobe, Citrix, Etc)?
It seems there are three main ways, 1 - Add HTTP/S Proxy Exceptions for each affected domain, 2 - setup a new proxy rule that allows executables or 3 - Setup a new packet rule for 80/443. In all cases, you would only add the Networks/FQDN's needed to download the executables.
Right now I have a "Software Downloads" packet rule setup which uses a Software Updates Alias. This seems to work well and allows for reporting however, I'm wondering how it compares to everyone else solution.