cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Block specific File extention

Hi,

Is there a way to block specific file extentions? I my case iqy and slk files. I know that they are supported in the newest Engine but how can I block them? I can't specify them in the SmartConsole and I've tried to block them with the "prohibited file types" (tecli command) but it wont work...

I wan to block all files with that extentions when they arrive via Mail...

Br

Robert

4 Replies

Re: Block specific File extention

Hi,

You can use DLP feature to block specific file types. Again you need to check that specific file types which you have mentioned is there in database or not. 

0 Kudos
Employee++
Employee++

Re: Block specific File extention

Hi Robert,

we extended TE´s file blocking capabilities since engine version 6.14 (Threat Emulation Engine Update - What's New? )- here is how to use it:

How to configure Threat Emulation blade to block files according to file types 

You need to enable "plain" context in case you want to block file types directly attached to e.g. an email:

Enabling plain prohibited file types

Enabling the prohibited file types feature in plain context.

On the Security Gateway, run the following command:

[Expert@HostName:0]# tecli advanced prohibited enable_plain 1

Regards Thomas

Re: Block specific File extention

Hi Robert,

I think you could use the content awarness blade.

You can create a new data type that matches your specific file extension and use it in access rules.

Regards,

Benoit

0 Kudos

Re: Block specific File extention

Yes.. is an idea but till we can use it we have to upgrade the cluster nodes to R80.10.. (which will be in some days).. Smiley Happy