Learn how to create a policy in Symantec Email Security.cloud Data Protection to restrict commonly exploited filetypes by extension.
Create a policy to block files
- In the Symantec.cloud portal, navigate to Services > Data Protection.
- Create a new Data Protection policy, and configure it as follows:
- Name: Restricted file files
- Apply to: Inbound email only. Other options are available, which depend on the scope you desire.
- Execute if: All rules are met
- Action: Redirect to Administrator. Other actions are available, which depend on the result you intend.
- Administrator email: Configure a non-production administrator email address. This must be a non-production address because Data Protection policy administrators are automatically whitelisted from all Data Protection policies to avoid mail loops.
- Notifications: None
- Add a new Rule, and configure it as follows:
- Name: Restricted files
- Set it to: ANY conditions are met
- Add a new condition, Attachment Filename List.
- Click Create a new filename List.
- Name: Potential Malicious files
The following entries are typical files blocked by Outlook 2010, but you can add more or remove some of the extensions as per your needs.
- *.ade
- *.adp
- *.app
- *.asp
- *.bas
- *.bat
- *.cer
- *.chm
- *.cla
- *.class
- *.cmd
- *.cnt
- *.com
- *.cpl
- *.crt
- *.csh
- *.der
- *.exe
- *.fxp
- *.gadget
- *.grp
- *.hlp
- *.hpj
- *.hta
- *.inf
- *.ins
- *.isp
- *.its
- *.jar
- *.js
- *.jse
- *.ksh
- *.lnk
- *.link
- *.mad
- *.maf
- *.mag
- *.mam
- *.maq
- *.mar
- *.mas
- *.mat
- *.mau
- *.mav
- *.maw
- *.mcf
- *.mda
- *.mdb
- *.mde
- *.mdt
- *.mdw
- *.mdz
- *.msc
- *.msh
- *.msh1
- *.msh1xml
- *.msh2
- *.msh2xml
- *.mshxml
- *.msi
- *.msp
- *.mst
- *.ocx
- *.ops
- *.osd
- *.pcd
- *.pif
- *.pl
- *.plg
- *.prf
- *.prg
- *.ps1
- *.ps1xml
- *.ps2
- *.ps2xml
- *.psc1
- *.psc2
- *.pst
- *.reg
- *.scf
- *.scr
- *.sct
- *.sh
- *.shb
- *.shs
- *.url
- *.vb
- *.vbe
- *.vbp
- *.vbs
- *.vsmacros
- *.vsw
- *.ws
- *.wsc
- *.wsf
- *.wsh
- *.xbap
- *.xnk
The following file extensions are optional:
- *.dll
- *.docm
- *.gz
- *.htm
- *.html
- *.pptm
- *.rar
- *.sfx
- *.tar
- *.tmp
- *.xlsm
- *.zip
- Click Save.
- Condition options:
- Attachment filename: matches any of the filenames in the selected lists
Note: This section is optional; you can implement this policy if you have a source which needs to send you these types of files. We will only add a Sender Domain list as an example, but you can add or use a Sender Group where you list email addresses instead. Data Protection happens after the antivirus scan. If files are detected as malicious, they'll be blocked by the Antivirus service.
- Add a new Rule, and configure it as follows:
- Name: Valid file senders
- Set it to: ANY conditions are met
- Add a new condition, Sender Domain List
- Click Create a new Domain List.
- Name: Approved file senders
- In this list we’ll add source domains deemed valid for the file restrictions above.
- example.com
- businesspartner.net
- Click Save.
- Condition options:
- Domain of the sender: is in none of the selected lists
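To dry-run the two rules above against sample attachment names before enabling the policy, the following added example (not Symantec code, and not part of the original article) models the logic "filename matches the list AND sender domain is in none of the approved lists". The function names, the `unknown.test` senders, case-insensitive wildcard matching and exact domain comparison are assumptions of this sketch; confirm how the service itself matches with a test message.

```python
from fnmatch import fnmatchcase

# Subset of the article's "Potential Malicious files" list, for brevity.
BLOCKED_PATTERNS = ["*.exe", "*.js", "*.hta", "*.lnk", "*.ps1", "*.scr", "*.vbs"]
# The article's example "Approved file senders" domain list.
APPROVED_DOMAINS = {"example.com", "businesspartner.net"}


def matching_patterns(filename, patterns=BLOCKED_PATTERNS):
    """Return the list entries that an attachment filename matches.

    Assumption: matching is case-insensitive and '*' spans any characters,
    so only the final extension decides the outcome.
    """
    name = filename.strip().lower()
    return [p for p in patterns if fnmatchcase(name, p.lower())]


def sender_domain(address):
    """Domain part of an email address, lowercased."""
    return address.rsplit("@", 1)[-1].strip().lower()


def evaluate(sender, attachments):
    """Model the policy: the action runs only if ALL rules are met.

    Rule "Restricted files": any attachment filename is in the list.
    Rule "Valid file senders": sender domain is in none of the approved lists
    (assumption: exact comparison, subdomains are not implied).
    """
    hits = {a: m for a in attachments if (m := matching_patterns(a))}
    unapproved = sender_domain(sender) not in APPROVED_DOMAINS
    action = "redirect" if hits and unapproved else "deliver"
    return action, hits


# Constructed sample messages (sender, attachment names), not real traffic.
SAMPLES = [
    ("alice@unknown.test", ["invoice.pdf.exe"]),   # double extension
    ("bob@unknown.test", ["Report.JS"]),           # upper-case extension
    ("carol@unknown.test", ["setup.exe.txt"]),     # listed type is not last
    ("dave@businesspartner.net", ["tool.ps1"]),    # approved sender domain
]

if __name__ == "__main__":
    for sender, files in SAMPLES:
        action, hits = evaluate(sender, files)
        print(f"{action:8} {sender:26} {files} {hits}")
```

Swap in the full filename list and your own approved domains, then feed it attachment names exported from recent mail logs to see which legitimate senders would need an exception.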