https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34308#M13883 <HTML><HEAD></HEAD><BODY><P>Yes.. is an idea but till we can use it we have to upgrade the cluster nodes to R80.10.. (which will be in some days).. <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Thu, 09 Aug 2018 08:23:04 GMT Robert_Mueller 2018-08-09T08:23:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34304#M13879 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Is there a way to block specific file extentions? I my case iqy and slk files. I know that they are supported in the newest Engine but how can I block them? I can't specify them in the SmartConsole and I've tried to block them with the "prohibited file types" (tecli command) but it wont work...</P><P>I wan to block all files with that extentions when they arrive via Mail...</P><P></P><P>Br</P><P>Robert</P></BODY></HTML> Wed, 27 Jun 2018 11:53:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34304#M13879 Robert_Mueller 2018-06-27T11:53:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34305#M13880 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You can use DLP feature to block specific file types. Again you need to check that specific file types which you have mentioned is there in database or not.&nbsp;</P></BODY></HTML> Wed, 27 Jun 2018 12:44:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34305#M13880 Gaurav_Pandya 2018-06-27T12:44:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34306#M13881 <HTML><HEAD></HEAD><BODY><P>Hi Robert,</P><P></P><P>we extended TE´s file blocking capabilities since engine version 6.14 (<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk95235" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk95235">Threat Emulation Engine Update - What&amp;apos;s New?</A>&nbsp;)- here is how to use it:</P><P></P><P><A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk123140" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk123140">How to configure Threat Emulation blade to block files according to file types</A>&nbsp;</P><P></P><P>You need to enable "plain" context in case you want to block file types directly attached to e.g. an email:</P><P style="color: #000000; background-color: #ffffff; font-size: 14px;"></P><P style="color: #000000; background-color: #ffffff; font-size: 14px;"><STRONG>Enabling plain prohibited file types</STRONG></P><P style="color: #000000; background-color: #ffffff; font-size: 14px;">Enabling the prohibited file types feature in<SPAN>&nbsp;</SPAN><STRONG>plain</STRONG><SPAN>&nbsp;</SPAN>context.</P><P style="color: #000000; background-color: #ffffff; font-size: 14px;">On the Security Gateway, run the&nbsp;following&nbsp;command:</P><P style="color: #000000; background-color: #ffffff; font-size: 14px; padding-left: 30px;"><EM>[Expert@HostName:0]# tecli advanced prohibited enable_plain 1</EM></P><P style="color: #000000; background-color: #ffffff; font-size: 14px;"></P><P style="color: #000000; background-color: #ffffff; font-size: 14px;"></P><P style="color: #000000; background-color: #ffffff; font-size: 14px;"></P><P style="color: #000000; background-color: #ffffff; font-size: 14px;"><SPAN style="color: #3d3d3d;">Regards Thomas</SPAN></P></BODY></HTML> Thu, 28 Jun 2018 09:35:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34306#M13881 Thomas_Werner 2018-06-28T09:35:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34307#M13882 <HTML><HEAD></HEAD><BODY><P>Hi Robert,</P><P></P><P>I think you could use the content awarness blade.</P><P>You can create a new data type that matches your specific file extension and use it in access rules.</P><P></P><P><IMG alt="" class="image-1 jive-image" height="216" src="https://community.checkpoint.com/legacyfs/online/checkpoint/67999_8.png" width="526" /></P><P></P><P>Regards,</P><P></P><P>Benoit</P></BODY></HTML> Thu, 09 Aug 2018 08:20:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34307#M13882 Benoit_Verove 2018-08-09T08:20:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34308#M13883 <HTML><HEAD></HEAD><BODY><P>Yes.. is an idea but till we can use it we have to upgrade the cluster nodes to R80.10.. (which will be in some days).. <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Thu, 09 Aug 2018 08:23:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/34308#M13883 Robert_Mueller 2018-08-09T08:23:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/57825#M13884 <P>I enabled Content Awareness, created a rule to block executable files, pushed policy.</P><P>I am still able to download exe files.</P> Tue, 09 Jul 2019 18:46:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-specific-File-extention/m-p/57825#M13884 An_Nguyen 2019-07-09T18:46:13Z