Aaron_Abrincia_Meimb
New Member
September 19, 2014
Question

How to block .exe files that are downloadable from the internet

Hi Engineers,

Can you please help with how to block .exe files that are downloadable from the internet?

Regards,
Aaron

    3 replies

    Christopher_McMullan
    Staff
    September 20, 2014
    You could block them via a file-type or file pattern blacklist in DLP or an A/V profile, depending on the direction of the traffic. For inbound files from outbound sessions (web browsing, etc.), create a DLP blacklist specifying *.exe as a wildcard for file pattern. Add the list to an A/V profile applied to the outbound traffic.
    Adrian_Buckley_FTNT
    Staff
    September 23, 2014
    The weakness with blocking by names is that it's easy to get around: .ex1, .ex_. Simple renaming will defeat it. A more accurate detection would be to use DLP and block "executables" as a file type, rather than a name pattern.
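The difference between a name pattern and a file-type check, as an added example that is not part of the original thread and not FortiGate's detection logic. It assumes only the Windows PE format (the `MZ` header and `PE` signature) counts as an "executable"; the function names and sample bytes are constructed for illustration.

```python
import fnmatch
import struct


def blocked_by_name(filename, patterns=("*.exe",)):
    """Name-pattern check, equivalent in spirit to a *.exe file-pattern list."""
    return any(fnmatch.fnmatchcase(filename.lower(), p) for p in patterns)


def is_pe_executable(data: bytes) -> bool:
    """Content check: DOS 'MZ' magic plus a valid pointer to the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew (offset 0x3C, little-endian) holds the offset of the PE header.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so the check fails safely.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def make_sample_pe() -> bytes:
    """Constructed bytes carrying only the PE markers (not a runnable program)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


def verdicts(filename, data):
    """Return what each approach decides for one downloaded file."""
    return {"name": blocked_by_name(filename), "type": is_pe_executable(data)}


# Constructed samples: same content under different names, plus a text file
# that merely carries an .exe name.
SAMPLES = [
    ("setup.exe", make_sample_pe()),
    ("setup.ex_", make_sample_pe()),
    ("notes.exe", b"just text"),
    ("readme.txt", b"plain text"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name:12} {verdicts(name, data)}")
```

The renamed `setup.ex_` passes the name check but is still flagged by the content check, while `notes.exe` is blocked by name even though it holds no executable content.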
    AndreaSoliva
    New Member
    September 30, 2014
    Hi,

    The note to change from pattern to type is absolutely correct. Keep in mind that you can also block stuff over the MIME header, which is especially useful for files etc. not defined within file type, or for specific stuff like bypassing radio streams from antivirus etc.

    How to do it:

    1. Do a capture of this file, streaming or whatever you would like to reach, with Capturing or Wireshark etc. What is important is to see the MIME header (we are looking for the "Content-Type"):

        Hypertext Transfer Protocol
        HTTP/1.0 200 OK\r\n
        Request Version: HTTP/1.0
        Response Code: 200
        Server: DCLK-AdSvr\r\n
        Content-Type: video/x-ms-asf\r\n
        X-Google-Inred-Content-Type: video/x-ms-asf\r\n
        Content-Length: 410\r\n
        Content-Encoding: gzip\r\n

        Hypertext Transfer Protocol
        HTTP/1.1 200 OK\r\n
        Request Version: HTTP/1.1
        Response Code: 200
        Last-Modified: Mon, 14 Sep 2009 00:40:51 GMT\r\n
        Content-Type: video/x-flv\r\n
        Content-Length: 200994\r\n
        Connection: close\r\n
        Content-Disposition: attachment; filename="video.flv"\r\n
        Expires: Thu, 29 Oct 2009 09:06:24 GMT\r\n
        Cache-Control: public,max-age=3600\r\n
        Date: Thu, 29 Oct 2009 08:06:24 GMT\r\n
        Server: gvs 1.0\r\n

    2. Configure a Content Header entry:

        # config webfilter content-header
        # edit [Use an Integer example "1"]
        # set comment [set a comment]
        # config entries
        # edit "video\\/.*"
        # set action [block | allow | exempt]
        # next
        # edit "audio\\/.*"
        # set action [block | allow | exempt]
        # next
        # end
        # set name [Name for "Content-Header" example "block-video-exempt-audio"]
        # next
        # end

    Use this Content Header entry within WebFilter:

        # config webfilter profile
        # edit [Name of the profile]
        # config web
        # set content-header-list [Integer of the Content Header entry "1"]
        # end
        # next
        # end

    That's it... if you use the specific WebFilter within a specific Firewall Policy, the MIME traffic would be [block | allow | exempt]. If you set action to "exempt", content will be bypassed from UTM features like antivirus.

    Hope this is another possibility.

    Have fun,
    Andrea