How can you block a file type when scanning it with Symantec Protection Engine (SPE)?
In this example we will block the .sh file extension.
On Windows, create the file c:\test.txt. The file should contain the pattern *.sh. Additional file types can be added on separate lines.
Run the xmlmodifier command to import the test.txt file.
xmlmodifier -b //filtering/FileAttribute/DenyFileNames/items c:\test.txt filtering.xml
Restart the Symantec Protection Engine service.
Below are the results of running ssecls on the test.sh file after making the changes.
c:\Program Files\Symantec\Scan Engine\CmdLineScanner\C>ssecls c:\test.sh
Virus scan process began : Thu Jun 16 05:20:49 2022
Virus scan process completed : Thu Jun 16 05:20:49 2022
Defs Version = 20220615.019
Commandline Scanner = 8.2.0.6
Total Bytes = 21 (Bytes 21.0000)
Elapsed = 0.0480
Scan Rate = 437.50 (Bytes/sec)
Files Excluded = 0
Files Scanned = 1
Directories Scanned = 0
Directories Excluded = 0
Files Skipped = 0
Files Scan Error = 0
Files Infected = 1
Data based metering parameters:
Data Scanned in bytes = -1 (NA)
Total files scanned = -1 (NA)
No error was found during the scan
Infected file(s) list:
c:\Junk\Test\test.sh deleted
File Name: test.sh
Virus Name: File policy violation File Name Blocked
Virus ID: -1
Unscannable: false
Disposition: Infected
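In the output above, the name-blocked file is counted under "Files Infected" and reported with Virus ID -1, so anything that consumes ssecls results may need to tell policy blocks apart from signature detections. The Python below is an added example, not part of the original article or of Symantec's tooling; it assumes the record layout shown above, and the second sample record (its name and ID) is constructed.

```python
import re

# Constructed sample in the page's layout; the second record's name and ID are made up.
SAMPLE = """\
Files Infected = 2
Infected file(s) list:
c:\\Junk\\Test\\test.sh deleted
File Name: test.sh
Virus Name: File policy violation File Name Blocked
Virus ID: -1
Unscannable: false
Disposition: Infected
c:\\Junk\\Test\\sample.bin deleted
File Name: sample.bin
Virus Name: Constructed.Example.Detection
Virus ID: 12345
Unscannable: false
Disposition: Infected
"""

FIELD = re.compile(r"^(File Name|Virus Name|Virus ID|Unscannable|Disposition):\s*(.*)$")

def parse_records(text):
    """Return one dict per entry listed after 'Infected file(s) list:'."""
    records, current, in_list = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Infected file(s) list:"):
            in_list = True
        elif in_list and line:
            m = FIELD.match(line)
            if m and current is not None:
                current[m.group(1)] = m.group(2)
            elif not m:
                # Assumption: a non-field line is "<path> <action>" and opens a record.
                path, _, action = line.rpartition(" ")
                current = {"path": path, "action": action}
                records.append(current)
    return records

def classify(record):
    """Assumption: Virus ID -1 plus a 'File policy violation' name marks a policy block."""
    policy = record.get("Virus Name", "").startswith("File policy violation")
    return "policy_block" if policy and record.get("Virus ID") == "-1" else "detection"

def summarize(text):
    result = {"policy_block": [], "detection": []}
    for rec in parse_records(text):
        result[classify(rec)].append(rec.get("File Name", rec["path"]))
    return result
```

Calling summarize() on captured ssecls output returns the file names grouped by kind, which keeps extension-policy hits out of malware counts in reports or alerts.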