For applications that aren't business-critical, start the transition to a best practices File
Blocking profile:
Inbound
and outbound traffic—Set the Action to block for
7z, bat, chm, class, cpl, dll, dlp, hta, jar, ocx, pif, scr, torrent,
vbe, and wsf files. Set the Action to alert for
all other files.
Internal traffic—Block 7z, bat, chm, class, cpl, dlp,
hta, jar, ocx, pif, scr, torrent, vbe, and wsf files (this is the
same as the inbound/outbound profile except it alerts on .dll files
instead of blocking them). Alert on all other files.
Block all of the following file types you can for users who don’t need them for business
purposes: cab, exe, flash, msi, Multi-Level-Encoding, PE, rar, tar,
encrypted-rar, and encrypted-zip.