search cancel

How to block a file type like .sh when being scanned

book

Article ID: 243988

calendar_today

Updated On:

Products

Protection Engine for NAS

Issue/Introduction

How can you block a file type when scanning it with SPE

Resolution

In this example we will block the .sh file extension.

On Windows create a file c:\test.txt.   The file should include *.sh extension.  Additional files types can be added on separate lines.

Run xmlmodifier command to import the test.txt file.

xmlmodifier -b //filtering/FileAttribute/DenyFileNames/items c:\test.txt filtering.xml

Restart the Symantec Protection Engine service

Additional Information

Below are the results of running ssecls on the test.sh file after making the changes.

c:\Program Files\Symantec\Scan Engine\CmdLineScanner\C>ssecls c:\test.sh


    Virus scan process began : Thu Jun 16 05:20:49 2022
Virus scan process completed : Thu Jun 16 05:20:49 2022

        Defs Version = 20220615.019
 Commandline Scanner = 8.2.0.6

         Total Bytes = 21 (Bytes 21.0000)
             Elapsed = 0.0480
           Scan Rate =  437.50 (Bytes/sec)

      Files Excluded = 0
       Files Scanned = 1
 Directories Scanned = 0
Directories Excluded = 0
       Files Skipped = 0
    Files Scan Error = 0
      Files Infected = 1


Data based metering parameters:
Data Scanned in bytes = -1 (NA)
Total files scanned = -1 (NA)

No error was found during the scan


Infected file(s) list:
c:\Junk\Test\test.sh  deleted
        File Name:      test.sh
        Virus Name:     File policy violation File Name Blocked
        Virus ID:       -1
        Unscannable: false
        Disposition:    Infected