- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Block specific File extention
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Block specific File extention
Hi,
Is there a way to block specific file extentions? I my case iqy and slk files. I know that they are supported in the newest Engine but how can I block them? I can't specify them in the SmartConsole and I've tried to block them with the "prohibited file types" (tecli command) but it wont work...
I wan to block all files with that extentions when they arrive via Mail...
Br
Robert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You can use DLP feature to block specific file types. Again you need to check that specific file types which you have mentioned is there in database or not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Robert,
we extended TE´s file blocking capabilities since engine version 6.14 (Threat Emulation Engine Update - What's New? )- here is how to use it:
How to configure Threat Emulation blade to block files according to file types
You need to enable "plain" context in case you want to block file types directly attached to e.g. an email:
Enabling plain prohibited file types
Enabling the prohibited file types feature in plain context.
On the Security Gateway, run the following command:
[Expert@HostName:0]# tecli advanced prohibited enable_plain 1
Regards Thomas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Robert,
I think you could use the content awarness blade.
You can create a new data type that matches your specific file extension and use it in access rules.
Regards,
Benoit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes.. is an idea but till we can use it we have to upgrade the cluster nodes to R80.10.. (which will be in some days)..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I enabled Content Awareness, created a rule to block executable files, pushed policy.
I am still able to download exe files.
