Block potentially malicious files with a Data Protection policy

Article ID: 178860


Products

Email Security.cloud

Issue/Introduction

This article describes how to create a Data Protection policy that blocks potentially malicious attachments.

Environment

Email Security.cloud

Resolution

Learn how to create a policy in Symantec Email Security.cloud Data Protection to restrict commonly exploited file types by extension.

Create a policy to block files

  1. In the Symantec.cloud portal, navigate to Services > Data Protection.
  2. Create a new Data Protection policy, and configure it as follows:
     
    • Name: Restricted file files.
    • Apply to: Inbound email only. Other options are available, which depend on the scope you desire.
    • Execute if: All rules are met.
    • Action: Redirect to Administrator. Other actions are available, which depend on the result you intend.
    • Administrator email: Configure a non-production administrator email address. This must be a non-production address because Data Protection policy administrators are automatically whitelisted from all Data Protection policies to avoid mail loops.
    • Notifications: None.
       
  3. Add a new Rule, and configure it as follows:
    • Name: Restricted files.
    • Set it to: ANY conditions are met.
       
    • Add a new condition, Attachment Filename List.
    • Click Create a new filename List.
    • Name: Potential Malicious files.

      The following entries are file types typically blocked by Outlook 2010. Add or remove extensions to suit your needs:

      Access Project Extension (Microsoft) *.ade
      Access Project (Microsoft) *.adp
      Executable Application *.app
      Active Server Page *.asp
      BASIC Source Code *.bas
      Batch Processing *.bat
      Internet Security Certificate File *.cer
      Compiled HTML Help *.chm
      DOS CP/M Command File, Command File for Windows NT *.cmd
      Command *.com
      Windows Control Panel Extension (Microsoft) *.cpl
      Certificate File *.crt
      csh Script *.csh
      DER Encoded X509 Certificate File *.der
      Executable File *.exe
      FoxPro Compiled Source (Microsoft) *.fxp
      Windows Help File *.hlp
      Hypertext Application *.hta
      Information or Setup File *.inf
      IIS Internet Communications Settings (Microsoft) *.ins
      IIS Internet Service Provider Settings (Microsoft) *.isp
      Internet Document Set, International Translation *.its
      JavaScript Source Code *.js
      JScript Encoded Script File *.jse
      UNIX Shell Script *.ksh
      Windows Shortcut File *.lnk
      Access Module Shortcut (Microsoft) *.mad
      Access (Microsoft) *.maf
      Access Diagram Shortcut (Microsoft) *.mag
      Access Macro Shortcut (Microsoft) *.mam
      Access Query Shortcut (Microsoft) *.maq
      Access Report Shortcut (Microsoft) *.mar
      Access Stored Procedures (Microsoft) *.mas
      Access Table Shortcut (Microsoft) *.mat
      Media Attachment Unit *.mau
      Access View Shortcut (Microsoft) *.mav
      Access Data Access Page (Microsoft) *.maw
      Access Add-in (Microsoft), MDA Access 2 Workgroup (Microsoft) *.mda
      Access Application (Microsoft), MDB Access Database (Microsoft) *.mdb
      Access MDE Database File (Microsoft) *.mde
      Access Add-in Data (Microsoft) *.mdt
      Access Workgroup Information (Microsoft) *.mdw
      Access Wizard Template (Microsoft) *.mdz
      Microsoft Management Console Snap-in Control File (Microsoft) *.msc
      Windows PowerShell *.msh
      Windows PowerShell *.msh1
      Windows PowerShell *.msh2
      Windows PowerShell *.mshxml
      Windows PowerShell *.msh1xml
      Windows PowerShell *.msh2xml
      Windows Installer File (Microsoft) *.msi
      Windows Installer Patch *.msp
      Windows SDK Setup Transform Script *.mst
      Office Profile Settings File *.ops
      Visual Test (Microsoft) *.pcd
      Windows Program Information File (Microsoft) *.pif
      Developer Studio Build Log *.plg
      Outlook Profile file *.prf
      Program File *.prg
      Windows PowerShell *.ps1
      Windows PowerShell *.ps1xml
      Windows PowerShell *.ps2
      Windows PowerShell *.ps2xml
      Windows PowerShell *.psc1
      Windows PowerShell *.psc2
      MS Exchange Address Book File, Outlook Personal Folder File (Microsoft) *.pst
      Registration Information/Key for W95/98, Registry Data File *.reg
      Windows Explorer Command *.scf
      Windows Screen Saver *.scr
      Windows Script Component, Foxpro Screen (Microsoft) *.sct
      Windows Shortcut into a Document *.shb
      Shell Scrap Object File *.shs
      Temporary File/Folder *.tmp
      Internet Location *.url
      VBScript File or Any VisualBasic Source *.vb
      VBScript Encoded Script File *.vbe
      VBScript Script File, Visual Basic for Applications Script *.vbs
      Visual Studio .NET Binary-based Macro Project (Microsoft) *.vsmacros
      Visio Workspace File (Microsoft) *.vsw
      Windows Script File *.ws
      Windows Script Component *.wsc
      Windows Script File *.wsf
      Windows Script Host Settings File *.wsh
      Exchange Public Folder Shortcut *.xnk
      Windows Help contents file *.cnt
      Windows Gadget *.gadget
      Windows program group file *.grp
      Help project file *.hpj
      JAVA archive file *.jar
      Manifest configuration file *.mcf
      Open software description file *.osd
      Perl script file *.pl
      Visual Basic project file *.vbp
      XAML browser application *.xbap
      ClickOnce Deployment Manifest File *.application
      ClickOnce Application Reference File *.appref-ms
      Active Server Page Extended *.aspx
      ASF Redirector File *.asx
      Borland Graphics Interface *.bgi
      Windows Cabinet File *.cab
      Microsoft Diagnostics Cabinet File *.diagcab
      HTML Component File *.htc
      Optical Disk Media File System *.iso
      Java Network Launching Protocol *.jnlp
      Windows Update File *.msu
      Printer backup File *.printerexport
      Windows PowerShell *.psd1
      Windows PowerShell *.psdm1
      Python Script *.py
      Python Script *.pyc
      Python Script *.pyo
      Python Script *.pyw
      Python Script *.pyz
      Python Script *.pyzw
      Desktop Theme File Settings *.theme
      Virtual Hard Disk *.vhd
      Virtual Hard Disk Extended *.vhdx
      Internet Printing File *.webpnp
      Pinned Site Shortcut from Internet Explorer *.website
      Excel Addin *.xll
    • Click Save.
    • Condition options:
      • Attachment filename: matches any of the filenames in the selected lists.

Note: This section is optional. Implement it if you have a source that needs to send you these types of files. This example adds only a Sender Domain list, but you can instead add or use a Sender Group that lists email addresses. Data Protection runs after the antivirus scan. If files are detected as malicious, they are blocked by the Antivirus service.
  

  1. Add a new Rule, and configure it as follows:
    • Name: Valid file senders.
    • Set it to: ANY conditions are met.
       
    1. Add a new condition, Sender Domain List.
      • Click Create a new Domain List.
      • Name: Approved file senders.
      • In this list we’ll add source domains deemed valid for the file restrictions above.
         
        • example.com
        • businesspartner.net
           
      • Click Save.
      • Condition options:
        • Domain of the sender: is in none of the selected lists.
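
The following added example (not part of the original article and not Symantec code) models how the two rules combine under "Execute if: All rules are met", so you can reason about which messages the policy redirects before enabling it. Case-insensitive glob matching of filenames and exact matching of sender domains are assumptions; confirm the portal's actual behavior with test messages.

```python
from fnmatch import fnmatchcase

# Subset of the "Potential Malicious files" list from the article.
FILENAME_LIST = ["*.exe", "*.js", "*.lnk", "*.iso", "*.ps1", "*.vbs", "*.xll"]
# "Approved file senders" domain list from the article's example.
APPROVED_DOMAINS = {"example.com", "businesspartner.net"}


def restricted_attachments(filenames, patterns=FILENAME_LIST):
    """Rule 'Restricted files': names matching ANY pattern in the list.

    Assumption: patterns are globs compared case-insensitively.
    """
    hits = []
    for name in filenames:
        lowered = name.strip().lower()
        if any(fnmatchcase(lowered, p.lower()) for p in patterns):
            hits.append(name)
    return hits


def sender_not_approved(sender, approved=APPROVED_DOMAINS):
    """Rule 'Valid file senders': sender domain is in none of the lists.

    Assumption: exact domain comparison, so subdomains are not approved.
    """
    domain = sender.rsplit("@", 1)[-1].strip().lower()
    return domain not in approved


def policy_action(sender, filenames):
    """Policy 'Execute if: All rules are met' -> redirect, else deliver."""
    hits = restricted_attachments(filenames)
    if hits and sender_not_approved(sender):
        return "redirect", hits
    return "deliver", hits


# Constructed sample messages (not real traffic).
SAMPLES = [
    ("alice@unknown.test", ["Invoice.PDF.EXE"]),   # double extension, mixed case
    ("bob@unknown.test", ["report.pdf"]),          # not on the list
    ("carol@businesspartner.net", ["tools.iso"]),  # approved sender bypasses
    ("dave@sub.example.com", ["setup.js"]),        # subdomain is not approved
]

if __name__ == "__main__":
    for sender, files in SAMPLES:
        print(sender, files, policy_action(sender, files))
```

The third sample shows the trade-off of the optional rule: a restricted file from an approved domain is delivered, so only the antivirus scan stands between it and the recipient.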
           

Additional information

Attachments

1657877232266__Extension List Article 178860.txt