What filetypes to be blocked for malware?

Forum|Forum|6 years ago
January 13, 2020
1 reply
2224 views

I would like to block malware files. On my gateway firewall, what filetypes should I block? . If I block only exe/DLL files getting dowloaded, will it help to avoid final malware getting executed ? What I would like to understand is, even if I allow communication with Command and Control (C2) servers, if I block executable/dll files, will it really block malware ultimate purpose?. Final payload will be only executable like exe/dll?

mcdaniels

New Member

Well that might not answer you question, but concerning C&C Servers (Botnets) it is important to activate the "Block Connections to botnet-servers" in DNS security filter.

Next thing is, that you have to allow SSL Deep Inspection, so all SSL traffic can be scanned, which leads to the next point: If you activate deep-inspection in policies, you have to import the fortigates cert to the clients browsers. If you don't do so, you will get a cert-warning on every ssl site you open.

For filetype-blocking you will have to use the webfilter, or DLP (which is removed from GUI in Forti-OS 6.2.3) AND your policies have to be in proxymode to make the filefilter (webfilter) work.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded