cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
grahamd
grahamd
Level 7
Report Inappropriate Content
Message 1 of 3
‎07-04-2016 04:45 AM

MWG 7.5.2 Block files with particular extension .xlsm

Hi All,

I have recently commissioned a two node MWG cluster as a reverse proxy which is working fine, but I have a requirement that does not appear to be directly catered for

My app will only accept .xls files as uploads. Sometimes users attempt to upload .xlsm files some of which get through my MWG rule base. some of which do not, the MWG unpacks the .xlsm and applies my configured rules and reports upon items INSIDE the .xlsm. Whereas I want to be able to stop anything at all being uploaded with an .xlsm extension and ask the user via a custom message to resave in .xls format

I know file extensions can be spoofed this not a security configuration just a courtesy to my users! Does anyone know how I can setup blocking on file extension of a submission?

It would also be nice to able to be able to configure two separate rule bases, one for in bound and one four out bound or apply rules to inbound / outbound / both but again not seen any way to do that in the MWG policy config

Any insights (particularly around file extension blocking) gratefully received, Many thanks, Graham

0 Kudos
Reply
2 Replies
frederic.fichte
frederic.fichte
Level 7
Report Inappropriate Content
Message 2 of 3
‎01-30-2017 08:25 AM

Re: MWG 7.5.2 Block files with particular extension .xlsm

Hi Graham,

Use URL.FileExtension and match on a list of wildcards that contains "xlsm" and the other extensions you might want to forbid.

Best,

Frederic

0 Kudos
Reply
Regis
Regis
Level 12
Report Inappropriate Content
Message 3 of 3
‎01-31-2017 11:30 AM

Re: MWG 7.5.2 Block files with particular extension .xlsm

The following Excel  mediatype.ensuredtypes  "at least one in list"  with a list that includes these  macroEnabled thingees  might be something you'd like to block as well  as an OR function  to the URL.FileExtension matching,  and action of Block.

This would get around anyone simply renaming files to get around a file extension block.

shot.PNG

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC