cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
grahamd
grahamd
Level 7
Report Inappropriate Content
Message 1 of 3
‎07-04-2016 04:45 AM

MWG 7.5.2 Block files with particular extension .xlsm

Hi All,

I have recently commissioned a two node MWG cluster as a reverse proxy which is working fine, but I have a requirement that does not appear to be directly catered for

My app will only accept .xls files as uploads. Sometimes users attempt to upload .xlsm files some of which get through my MWG rule base. some of which do not, the MWG unpacks the .xlsm and applies my configured rules and reports upon items INSIDE the .xlsm. Whereas I want to be able to stop anything at all being uploaded with an .xlsm extension and ask the user via a custom message to resave in .xls format

I know file extensions can be spoofed this not a security configuration just a courtesy to my users! Does anyone know how I can setup blocking on file extension of a submission?

It would also be nice to able to be able to configure two separate rule bases, one for in bound and one four out bound or apply rules to inbound / outbound / both but again not seen any way to do that in the MWG policy config

Any insights (particularly around file extension blocking) gratefully received, Many thanks, Graham

0 Kudos
Reply
2 Replies
frederic.fichte
frederic.fichte
Level 7
Report Inappropriate Content
Message 2 of 3
‎01-30-2017 08:25 AM

Re: MWG 7.5.2 Block files with particular extension .xlsm

Hi Graham,

Use URL.FileExtension and match on a list of wildcards that contains "xlsm" and the other extensions you might want to forbid.

Best,

Frederic

0 Kudos
Reply
Regis
Regis
Level 12
Report Inappropriate Content
Message 3 of 3
‎01-31-2017 11:30 AM

Re: MWG 7.5.2 Block files with particular extension .xlsm

The following Excel  mediatype.ensuredtypes  "at least one in list"  with a list that includes these  macroEnabled thingees  might be something you'd like to block as well  as an OR function  to the URL.FileExtension matching,  and action of Block.

This would get around anyone simply renaming files to get around a file extension block.

shot.PNG

0 Kudos
Reply
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.