Starting with Symantec Protection Engine (SPE) 7.5.3 has the ability to block files based on the underlying file type.  This happens regardless of the extension of the file.

Steps for enabling to this functionality

1. Create a text file that contains the list of files to block.  Available file formats are available in File Types
2. Copy the text file to the installation folder for Protection Engine.  See list of default locations below
3. Stop the SPE service
4. Open a command prompt as an administrator
5. change to the SPE installation folder.
6. Enable the feature: xmlmodifier -s //filtering/FileAttribute/FileTypeFilteringEnabled/@value true filtering.xml
7. Import the list of file formats to block: xmlmodifier -b //filtering/FileAttribute/DenyFileTypes/items <file created in step one> filtering.xml
8. Start the SPE service

Default installation locations:

• SPE 7.8.x and above
  • Windows: C:\Program Files\Symantec\Scan Engine
  • Linux: /opt/SYMCScan/bin