Predefined File Blocking Profiles

You can now quickly and easily enforce the best practice File Blocking settings on your Security policy allow rules using two new predefined File Blocking profiles. For most traffic (including traffic on your internal network) you will want to block files that are known to carry threats or that have no real use case for upload/download to ensure that malware is not sneaking into your network or that sensitive data is not being exfiltrated out of your network in legitimate traffic.
The new profiles are intended as a starting point that you can clone and modify per your specific business requirements:
  • basic file blocking—Attach this profile to the Security policy rules that allow traffic to and from less sensitive applications to block files that are commonly included in malware attack campaigns or that have no real use case for upload/download. It blocks upload and download of PE files (.scr, .cpl, .dll, .ocx, .pif, .exe), Java files (.class, .jar), Help files (.chm, .hlp) and other potentially malicious file types, including .vbe, .hta, .wsf, .torrent, .7z, .rar, .bat. Additionally, it prompts users to acknowledge when they attempt to download encrypted-rar or encrypted-zip files. This rule alerts on all other file types to give you complete visibility into all file types coming in and out of your network.
  • strict file blocking—Use this stricter profile on the Security policy rules that allow access to your most sensitive applications. This profile blocks the same file types as the other profile, and additionally blocks flash, .tar, multi-level encoding, .cab, .msi, encrypted-rar, and encrypted-zip files.
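
Because the profiles are meant to be cloned and modified, it helps to check that a clone has not become weaker than the profile it started from. The following is an added example, not code from the product or its documentation. The rule layout, the file-type names (the extensions listed above without the dot), the conservative handling of overlapping rules, and the sample clone are all assumptions of this example. Only the file types named on this page are covered.

```python
# Added example: baselines transcribed from the profile descriptions above.
RANK = {"alert": 0, "continue": 1, "block": 2}  # weakest -> strongest

BASIC_BLOCK = {"scr", "cpl", "dll", "ocx", "pif", "exe", "class", "jar",
               "chm", "hlp", "vbe", "hta", "wsf", "torrent", "7z", "rar", "bat"}
STRICT_EXTRA = {"flash", "tar", "multi-level-encoding", "cab", "msi",
                "encrypted-rar", "encrypted-zip"}

def baseline(name):
    """Return {file_type: action} for 'basic' or 'strict' as described above."""
    table = {t: "block" for t in BASIC_BLOCK}
    table.update({"encrypted-rar": "continue", "encrypted-zip": "continue"})
    if name == "strict":
        table.update({t: "block" for t in STRICT_EXTRA})
    table["any"] = "alert"  # all other file types are alerted on for visibility
    return table

def effective(rules, file_type):
    """Weakest action among rules naming file_type, else the 'any' rule, else None.
    Assumption of this example: overlapping rules are judged conservatively."""
    hits = [r["action"] for r in rules if file_type in r["file_types"]]
    if not hits:
        hits = [r["action"] for r in rules if "any" in r["file_types"]]
    return min(hits, key=RANK.__getitem__) if hits else None

def drift(rules, base_name):
    """List (file_type, expected, actual) where the clone is weaker than the baseline."""
    findings = []
    for ftype, expected in sorted(baseline(base_name).items()):
        actual = effective(rules, ftype)
        if actual is None or RANK[actual] < RANK[expected]:
            findings.append((ftype, expected, actual))
    return findings

# Constructed sample: a clone of the strict profile with two exceptions added.
CLONE = [
    {"name": "block-risky", "action": "block",
     "file_types": (BASIC_BLOCK | STRICT_EXTRA) - {"7z", "msi"}},
    {"name": "allow-installers", "action": "alert", "file_types": {"msi"}},
    {"name": "visibility", "action": "alert", "file_types": {"any"}},
]

if __name__ == "__main__":
    for ftype, expected, actual in drift(CLONE, "strict"):
        print(f"{ftype}: baseline={expected} clone={actual}")
```

Run against the strict baseline, the sample clone is flagged for 7z and msi, both of which fall back from block to alert.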