Endpoint Protection

  • 1.  Create custom IPS to Block download of file name containing specific words?

    Posted Jul 26, 2010 05:27 AM
    Is it possible to make an IPS signature that will prevent the download of certain files based on file name?

    I.e. I want to prevent people downloading itunes.exe or a file that contains the word itunes.


  • 2.  RE: Create custom IPS to Block download of file name containing specific words?



  • 3.  RE: Create custom IPS to Block download of file name containing specific words?

    Posted Jul 26, 2010 07:06 AM
    I've tried this but it doesn't seem to work.

    rule tcp, dest=(80,443), tcp_flag&ack, saddr=$LOCALHOST, msg="Virus detected", regexpcontent="[Gg][Ee][Tt] *[Ii][Tt][Uu][Nn][Ee][Ss].*\x0d\x0a"

    Is it possible to even do a wildcard for "file name containing"?


  • 4.  RE: Create custom IPS to Block download of file name containing specific words?

    Posted Jul 26, 2010 10:30 AM
    Are you sure that the destination port which the application is using is 80 or 443?
    This signature monitors only the request to the ports 80 and 443.
    Use Net Mon or Wireshark to inspect the packets.
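
An added example, not part of the original thread: an offline check of the regexpcontent pattern from post 3 against HTTP request payloads of the kind a packet capture would show. It assumes the product's regex engine treats these basic constructs the way Python's re module does; VARIANT is a hypothetical alternative pattern, and all sample payloads are constructed.

```python
import re

# Pattern exactly as posted in the thread (the regexpcontent value).
POSTED = rb"[Gg][Ee][Tt] *[Ii][Tt][Uu][Nn][Ee][Ss].*\x0d\x0a"

# Hypothetical variant (assumption, not from the thread): after "GET " allow any
# run of non-space characters before the keyword, so the keyword may sit anywhere
# in the request target, and stop at the end of the request line.
VARIANT = rb"[Gg][Ee][Tt] +[^ \x0d\x0a]*[Ii][Tt][Uu][Nn][Ee][Ss][^\x0d\x0a]*\x0d\x0a"

# Constructed payloads: (label, bytes on the wire, should the signature fire?).
# The expected decisions are this example's assumption about the intent.
SAMPLES = [
    ("path_prefix", b"GET /downloads/iTunesSetup.exe HTTP/1.1\r\nHost: example.test\r\n\r\n", True),
    ("bare_keyword", b"GET itunes.exe HTTP/1.1\r\nHost: example.test\r\n\r\n", True),
    ("query_string", b"GET /dl?file=ITUNES64.exe HTTP/1.1\r\nHost: example.test\r\n\r\n", True),
    ("unrelated", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", False),
    ("header_only", b"GET /index.html HTTP/1.1\r\nReferer: http://example.test/itunes\r\n\r\n", False),
]


def matches(pattern: bytes, payload: bytes) -> bool:
    """True if the pattern is found anywhere in the payload."""
    return re.search(pattern, payload) is not None


def score(pattern: bytes):
    """Return (missed, false_hits): labels the pattern failed to catch,
    and labels it matched although they should pass."""
    missed, false_hits = [], []
    for label, payload, should_block in SAMPLES:
        hit = matches(pattern, payload)
        if should_block and not hit:
            missed.append(label)
        elif hit and not should_block:
            false_hits.append(label)
    return missed, false_hits


if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("variant", VARIANT)):
        missed, false_hits = score(pattern)
        print(f"{name}: missed={missed} false_hits={false_hits}")
```

In the posted pattern, ` *` matches only spaces, so any request target that starts with `/` ends the match before the keyword is reached. Traffic to port 443 is normally TLS-encrypted, so a content pattern applied to the packet payload does not see the request line there.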