Technical Tip: How to configure DLP to block EXE file type

1. Navigate to Security Profiles -> DLP File Pattern -> Select Create New -> Select EXE -> Select OK.

2. Navigate to Security Profiles -> Data Loss Prevention -> Select Create New -> Name as ExeFileType.

3. In the Rule -> Select Create New -> fill-in accordingly -> Select OK.

4. The DLP sensor to block the Exe file type is created.

5. Apply the DLP sensor to Policy. Make sure SSL deep inspection is configured as well.

6. To test the DLP sensor to block EXE file type. Visit https://www.fortiguard.com/sample-file

7. Select Windows Executable to download & immediately block messages displaying on the browser.

8. The EXE file type block will be logged in to the Data Loss Prevention event. Navigate to Log & Report to check.

More details on the event:

date=2025-01-14 time=08:32:35 eventtime=1736814755394571039 tz="+0800" logid="0954024576" type="utm" subtype="dlp" eventtype="dlp" level="warning" vd="root" filteridx=1 filtername="ExeFileType" dlpextra="ExeFileType" filtertype="file-type" filtercat="file" severity="medium" policyid=1 poluuid="7255b7b2-23af-51ef-c12c-c4f85c8a9127" policytype="policy" sessionid=534926573 epoch=736025777 eventid=0 srcip=10.176.2.144 srcport=59856 srccountry="Reserved" srcintf="port2" srcintfrole="undefined" dstip=154.52.22.209 dstport=443 dstcountry="Australia" dstintf="port1" dstintfrole="undefined" proto=6 service="HTTPS" filetype="exe" direction="incoming" action="block" hostname="filegen.fortinet.com" url="https://filegen.fortinet.com/v1/sandbox-file?file_name=windows.exe" agent="Chrome/131.0.0.0" filename="windows.exe" filesize=4609 profile="ExeFileType"