Thank you, all, for your help on this! I did ultimately take the route of creating two FQDN address objects (*.zip and *.mov), a new Address Group including these two objects, and a DENY LAN -> WAN rule. This is now working in our environment to prevent access to various test .zip and .mov websites. I also appreciate the…
I was hoping to find this issue resolved since it's been known for nearly a year now, but disheartened that Sonicwall, a security company, has not fixed their software and instead recommends turning off an OS kernel-level security feature. That's... unfortunate.