Use the predefined strict
File Blocking profile to block files that
are commonly included in malware attack campaigns and that have
no real use case for upload/download. Blocking these files reduces
the attack surface. The predefined strict profile blocks batch files,
DLLs, Java class files, help files, Windows shortcuts (.lnk), BitTorrent
files, .rar files, .tar files, encrypted-rar and encrypted-zip files,
multi-level encoded files (files encoded or compressed up to four
times), .hta files, and Windows Portable Executable (PE) files,
which include .exe, .cpl, .dll, .ocx, .sys, .scr, .drv, .efi, .fon,
and .pif files. The predefined strict profile alerts on all other
file types for visibility into other file transfers so that you
can determine if you need to make policy changes.