Collaborator

Block specific file extension

Hi,

Is there a way to block specific file extensions? In my case, iqy and slk files. I know that they are supported in the newest Engine, but how can I block them? I can't specify them in the SmartConsole, and I've tried to block them with the "prohibited file types" (tecli command), but it won't work...

I want to block all files with those extensions when they arrive via mail...

Br

Robert

5 Replies

Hi,

You can use the DLP feature to block specific file types. Again, you need to check whether the specific file types you mentioned are in the database or not.

Employee++

Hi Robert,

We have extended TE's file blocking capabilities since engine version 6.14 (Threat Emulation Engine Update - What's New?) - here is how to use it:

How to configure Threat Emulation blade to block files according to file types 

You need to enable "plain" context in case you want to block file types directly attached to e.g. an email:

Enabling plain prohibited file types

Enabling the prohibited file types feature in plain context.

On the Security Gateway, run the following command:

[Expert@HostName:0]# tecli advanced prohibited enable_plain 1

Regards, Thomas

Contributor

Hi Robert,

I think you could use the Content Awareness blade.

You can create a new data type that matches your specific file extension and use it in access rules.

Regards,

Benoit

Collaborator

Yes, it is an idea, but until we can use it we have to upgrade the cluster nodes to R80.10 (which will be in some days).

Participant

I enabled Content Awareness, created a rule to block executable files, pushed policy.

I am still able to download exe files.
