In 5.8 there is a separate file filtering policy available. In earlier versions inspection policies have options for different file types, look under Suspicious traffic and Traffic Indentification for entreis starting with FILE
In the file filtering policy, just create a rule for the file types You need to block, select source and destination accordingly for downloads, action discard
Copying the built-in file types doesn't seem to be possible, so You would have to create the details Yourself for custom file types.
In 5.8.1 windows executables are added, probably best to test if it works for Your case
<EDIT> Installing the latest dynamic update also brings the executables to 5.8.0
I think you can configure some custom situations matching the file extensions. Be sure to specify the correct context.
If, for instance, you want to block word files to be downloaded via http you should configure a custom situation with "http server stream" in the context and the following DFA expression:
please let me know if you need further info.
Thanks for your reply,
Do you mean I need to create a User Defined Situation in the File Type Identification context?
What is the separation value between the extensions list (";" or "," )? Have you tried this before?
For some reason I couldn't find any guide for this on McAfee...
As far as i know there is no DFA official guide. If you have attended an official NGFW training you should have learned the basics of DFA.
Appendix D in SMC Administrator's Guide introduces the regex syntax that is used:
Same also available via online help: