You can now quickly and easily enforce the best-practice File Blocking settings on
your Security policy allow rules using two new predefined File Blocking profiles. For most traffic
(including traffic on your internal network) you will want to block
files that are known to carry threats or that have no real use case
for upload/download, to ensure that malware is not sneaking into
your network and that sensitive data is not being exfiltrated out
of your network in legitimate traffic.
The new profiles are intended as a starting point that you can
clone and modify per your specific business requirements:
basic file blocking: Attach this profile to the
Security policy rules that allow traffic to and from less sensitive
applications to block files that are commonly included in malware
attack campaigns or that have no real use case for upload/download.
It blocks upload and download of PE files (.scr, .cpl, .dll, .ocx,
.pif, .exe), Java files (.class, .jar), Help files (.chm, .hlp)
and other potentially malicious file types, including .vbe, .hta,
.wsf, .torrent, .7z, .rar, .bat. Additionally, it prompts users
to acknowledge when they attempt to download encrypted-rar or encrypted-zip
files. This rule alerts on all other file types to give you complete
visibility into all file types coming in and out of your network.
strict file blocking: Use this stricter profile on
the Security policy rules that allow access to your most sensitive
applications. This profile blocks the same file types as the other
profile, and additionally blocks flash, .tar, multi-level encoding,
.cab, .msi, encrypted-rar, and encrypted-zip files.
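
Because the profiles are meant to be cloned and modified, it helps to check that a clone has not become weaker than the profile it started from. The Python sketch below is an added example, not part of the product or its documentation: it lists every file type and direction where a clone applies a weaker action than its baseline. The rule tuple format, the file-type labels, the CLONE profile and the "strictest matching action wins" evaluation are assumptions made for illustration.

```python
# Added example: rule tuples are (file_types, direction, action). The format and the
# "strictest matching action wins" evaluation are assumptions of this sketch.
SEVERITY = {"none": -1, "alert": 0, "continue": 1, "block": 2}
DIRECTIONS = ("upload", "download")

# File types and actions as the page lists them (the page's list is not exhaustive;
# labels follow the page's wording, not the product's internal identifiers).
BASIC = [
    ({"scr", "cpl", "dll", "ocx", "pif", "exe", "class", "jar", "chm", "hlp",
      "vbe", "hta", "wsf", "torrent", "7z", "rar", "bat"}, "both", "block"),
    ({"encrypted-rar", "encrypted-zip"}, "download", "continue"),
    ({"any"}, "both", "alert"),
]
STRICT = BASIC + [
    ({"flash", "tar", "multi-level-encoding", "cab", "msi",
      "encrypted-rar", "encrypted-zip"}, "both", "block"),
]
# Constructed clone: .7z and .jar were removed from the block rule, .7z was
# re-blocked for upload only, and the encrypted-archive prompt was dropped.
CLONE = [
    (BASIC[0][0] - {"7z", "jar"}, "both", "block"),
    ({"7z"}, "upload", "block"),
    ({"any"}, "both", "alert"),
]

def action_for(rules, ftype, direction):
    """Strictest action among the rules that match this file type and direction."""
    best = "none"
    for types, rule_dir, action in rules:
        if (ftype in types or "any" in types) and rule_dir in ("both", direction):
            if SEVERITY[action] > SEVERITY[best]:
                best = action
    return best

def regressions(baseline, clone):
    """Return (type, direction, expected, actual) where the clone is weaker."""
    types = set().union(*(t for t, _, _ in baseline))  # "any" checks the catch-all
    findings = []
    for ftype in sorted(types):
        for direction in DIRECTIONS:
            want = action_for(baseline, ftype, direction)
            got = action_for(clone, ftype, direction)
            if SEVERITY[got] < SEVERITY[want]:
                findings.append((ftype, direction, want, got))
    return findings

if __name__ == "__main__":
    for ftype, direction, want, got in regressions(BASIC, CLONE):
        print(f"{ftype:15} {direction:9} baseline={want:9} clone={got}")
```

Each finding is a deliberate business exception to record or an accidental gap to close. Run against the strict baseline, the same check shows what a rule guarding a sensitive application would lose if it carried only the basic profile.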