Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Robert_Mueller
Collaborator

Block specific File extention

Hi,

Is there a way to block specific file extentions? I my case iqy and slk files. I know that they are supported in the newest Engine but how can I block them? I can't specify them in the SmartConsole and I've tried to block them with the "prohibited file types" (tecli command) but it wont work...

I wan to block all files with that extentions when they arrive via Mail...

Br

Robert

5 Replies
Gaurav_Pandya
Advisor

Hi,

You can use DLP feature to block specific file types. Again you need to check that specific file types which you have mentioned is there in database or not. 

0 Kudos
Thomas_Werner
Employee Alumnus
Employee Alumnus

Hi Robert,

we extended TE´s file blocking capabilities since engine version 6.14 (Threat Emulation Engine Update - What's New? )- here is how to use it:

How to configure Threat Emulation blade to block files according to file types 

You need to enable "plain" context in case you want to block file types directly attached to e.g. an email:

Enabling plain prohibited file types

Enabling the prohibited file types feature in plain context.

On the Security Gateway, run the following command:

[Expert@HostName:0]# tecli advanced prohibited enable_plain 1

Regards Thomas

Benoit_Verove
Contributor

Hi Robert,

I think you could use the content awarness blade.

You can create a new data type that matches your specific file extension and use it in access rules.

Regards,

Benoit

0 Kudos
Robert_Mueller
Collaborator

Yes.. is an idea but till we can use it we have to upgrade the cluster nodes to R80.10.. (which will be in some days).. Smiley Happy

An_Nguyen
Participant

I enabled Content Awareness, created a rule to block executable files, pushed policy.

I am still able to download exe files.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events