This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Robert_Mueller
Collaborator
‎2018-06-27 04:53 AM

Block specific File extention

Hi,

Is there a way to block specific file extentions? I my case iqy and slk files. I know that they are supported in the newest Engine but how can I block them? I can't specify them in the SmartConsole and I've tried to block them with the "prohibited file types" (tecli command) but it wont work...

I wan to block all files with that extentions when they arrive via Mail...

Br

Robert

5 Replies
Gaurav_Pandya
Advisor
‎2018-06-27 05:44 AM

Hi,

You can use DLP feature to block specific file types. Again you need to check that specific file types which you have mentioned is there in database or not. 

0 Kudos
Thomas_Werner
Employee Alumnus
Employee Alumnus
‎2018-06-28 02:35 AM

Hi Robert,

we extended TE´s file blocking capabilities since engine version 6.14 (Threat Emulation Engine Update - What's New? )- here is how to use it:

How to configure Threat Emulation blade to block files according to file types 

You need to enable "plain" context in case you want to block file types directly attached to e.g. an email:

Enabling plain prohibited file types

Enabling the prohibited file types feature in plain context.

On the Security Gateway, run the following command:

[Expert@HostName:0]# tecli advanced prohibited enable_plain 1

Regards Thomas

Benoit_Verove
Contributor
‎2018-08-09 01:20 AM

Hi Robert,

I think you could use the content awarness blade.

You can create a new data type that matches your specific file extension and use it in access rules.

Regards,

Benoit

0 Kudos
Robert_Mueller
Collaborator
‎2018-08-09 01:23 AM
In response to Benoit_Verove

Yes.. is an idea but till we can use it we have to upgrade the cluster nodes to R80.10.. (which will be in some days).. Smiley Happy

An_Nguyen
Participant
‎2019-07-09 11:46 AM
In response to Benoit_Verove

I enabled Content Awareness, created a rule to block executable files, pushed policy.

I am still able to download exe files.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events