Transition File Blocking Profiles Safely to Best Practices

The best practice File Blocking profile will likely be different for different types of applications and for different areas of the network. For example:
If internal applications depend on file type transfers that the best practice File Blocking profile recommends blocking, you need to allow those file types for those internal applications. Don’t allow those file transfer types for all applications, allow them only for the necessary internal applications.
For internet-based traffic, take a more restrictive approach from the start to prevent attackers from delivering malicious files and to reduce the attack surface.
For data center traffic, take a more restrictive approach (with the exception of internal applications that depend on file transfer types that you would otherwise block) to reduce the attack surface and protect your most valuable assets.
For business-critical applications, start off with the alert action for all file types.