1 Reply Latest reply on Sep 28, 2016 3:36 PM by Peacekeeper

    MSME Blocking Executable Files


      So recently my company just switched from Symantec to McAfee ePO with endpoint protection. With both products you get their security for Exchange program that you can use to enhance the security of your email system. One thing that I really liked about Symantec's security for Exchange was that it had a rule to block all executable files regardless of whether they were zipped or the extension was changed, and it was incredibly easy to set up as you just checked a box and you were done. With MSME there is definitely a lot more granularity, but I can't seem to get it to block executables like the Symantec product did. Please see the information below to understand how the Symantec product worked:

       

           "The Executable File Rule recognizes the following executable file types based on true file typing:

       

           - MSDOS/Windows *.exe files

           - MSDOS/Windows object library files

           - MSDOS/Windows programs

           - MSDOS device drivers

           - /x86-win-16-com

       

           In order for the Executable File Rule to detect one of these files, it must be a binary file, in other words the file must have been compiled with an application development program. You cannot rename another file with the extension .exe and have the Executable File Rule match that content, the file must actually be an executable file. The upside to this approach is that the Executable File Rule will detect an executable file even if the extension has been changed, or if the file has been added to an archive such as a zip, rar, or cab file."

       

      Now I followed the executable file rule in the MSME product guide, but it doesn't seem to be working correctly and I'm still able to email executables. I've set the file filter policy in the master on-access policy to Delete message, Quarantine, and Notify administrator.

       

           "How do I configure MSME to block executable files at a granular level?

           You can do this using the File Filtering Rules option. For example, let us see how to filter specific executable files such as the Windows executables.

           1 From the product's user interface, click Policy Manager | On-Access (Master Policy).

           2 Under Core-Scanners, click File Filtering and enable this option.

           3 Under Options (Core Anti-Spam Settings), click Edit.

           4 Under Available rules drop-down list, select .

           5 Specify a rule name and under File category filtering, select Enable file category filtering.

           6 From File categories list, select Other specific formats.

           7 From Subcategories list, select Windows Executables.

           8 Click Save."

       

      Any help would be appreciated.
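
The "true file typing" behaviour quoted above, sketched as an added example that is not part of the original post and is not code from either product: it types attachments by their leading bytes instead of their name and recurses into zip archives. Only zip is handled (rar and cab need third-party parsers); the function names, the `MAX_DEPTH` limit and the sample files are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

MAX_DEPTH = 3  # assumed limit on archive nesting; deeper content is flagged

def classify(data: bytes):
    """Type a file by content only: 'pe', 'dos-mz', or None."""
    if len(data) < 64 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return "pe"
    return "dos-mz"  # MZ header without a PE signature

def scan(name: str, data: bytes, depth: int = 0):
    """Return [(path, verdict)] for executables found in data or nested zips."""
    kind = classify(data)
    if kind:
        return [(name, kind)]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [(name, "unscannable-too-deep")]
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}!{info.filename}"
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member cannot be typed
                hits.append((path, "unscannable-encrypted"))
                continue
            hits += scan(path, zf.read(info), depth + 1)
    return hits

def make_pe_stub() -> bytes:
    """Constructed sample: smallest header that passes classify() as 'pe'."""
    hdr = bytearray(64)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)
    return bytes(hdr) + b"PE\0\0" + bytes(20)

def make_zip(members: dict) -> bytes:
    """Constructed sample: in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()
```

A renamed stub such as `scan("notes.txt", make_pe_stub())` is still reported, while a text file named `fake.exe` is not, which is the behaviour the quoted rule describes.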