How to block .exe files that are downloadable from the internet
Hi Engineers,
Can you please help on how to block .exe files that are downloadable from the internet?
Regards
Aaron
Network Engineer
You could block them via a file-type or file pattern blacklist in DLP or an A/V profile, depending on the direction of the traffic.
For inbound files from outbound sessions (web browsing, etc.), create a DLP blacklist specifying *.exe as a wildcard for file pattern. Add the list to an A/V profile applied to the outbound traffic.
Regards, Chris McMullan Fortinet Ottawa
The weakness with blocking by names is that it's easy to get around.
.ex1
.ex_
Simple renaming will defeat it.
A more accurate detection would be to use DLP and block "executables" as a file type, rather than a name pattern.
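The difference between the two approaches in this reply, as an added example that is not part of the original posts and not Fortinet's implementation: a name-pattern check beside a content check for one executable format (Windows PE). The function names and the sample bytes are constructed for illustration.

```python
import struct
from fnmatch import fnmatchcase

BLOCKED_PATTERNS = ("*.exe",)  # name-based list, as in the first reply


def blocked_by_name(filename):
    """File-pattern check: looks only at the name the sender chose."""
    name = filename.lower()
    return any(fnmatchcase(name, pat) for pat in BLOCKED_PATTERNS)


def blocked_by_type(data):
    """File-type check for one format (Windows PE): 'MZ' at offset 0 and
    the PE signature at the offset stored in the DOS header at 0x3C."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def constructed_pe_header():
    """Constructed sample: header bytes only, not a working program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE signature follows the DOS header
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


def evaluate(filename, data):
    """Return the verdict of both checks for one download."""
    return {"name": blocked_by_name(filename), "type": blocked_by_type(data)}


if __name__ == "__main__":
    pe = constructed_pe_header()
    samples = [
        ("setup.exe", pe),
        ("setup.ex_", pe),
        ("setup.ex1", pe),
        ("readme.exe", b"plain text with a misleading name\n" * 4),
    ]
    for filename, data in samples:
        print(filename, evaluate(filename, data))
```

The renamed samples pass the name check but are still caught by the content check, and the text file named readme.exe shows the name check also blocks files that are not executables.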
Hi
The note to change from pattern to type is absolutely correct. Keep in mind that you can also block stuff over the MIME header, which is especially useful for files not defined within file type etc., or for specific stuff like bypassing radio streams from antivirus etc. How to do it:
1. Do a capture of this file, streaming or whatever you would like to reach with Capturing or Wireshark etc. What is important is to see the MIME header like (we are looking for the "Content-Type"):
Hypertext Transfer Protocol
HTTP/1.0 200 OK\r\n
Request Version: HTTP/1.0
Response Code: 200
Server: DCLK-AdSvr\r\n
Content-Type: video/x-ms-asf\r\n
X-Google-Inred-Content-Type: video/x-ms-asf\r\n
Content-Length: 410\r\n
Content-Encoding: gzip\r\n
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Request Version: HTTP/1.1
Response Code: 200
Last-Modified: Mon, 14 Sep 2009 00:40:51 GMT\r\n
Content-Type: video/x-flv\r\n
Content-Length: 200994\r\n
Connection: close\r\n
Content-Disposition: attachment; filename="video.flv"\r\n
Expires: Thu, 29 Oct 2009 09:06:24 GMT\r\n
Cache-Control: public,max-age=3600\r\n
Date: Thu, 29 Oct 2009 08:06:24 GMT\r\n
Server: gvs 1.0\r\n
2. Configure a Content Header entry:
# config webfilter content-header
# edit [Use an Integer example "1"]
# set comment [set a comment]
# config entries
# edit "video\\/.*"
# set action [block | allow | exempt]
# next
# edit "audio\\/.*"
# set action [block | allow | exempt]
# next
# end
# set name [Name for "Content-Header" example "block-video-exempt-audio"]
# next
# end
Use this Content Header entry within WebFilter:
# config webfilter profile
# edit [Name of the profile]
# config web
# set content-header-list [Integer of the Content Header entry "1"]
# end
# next
# end
That's it... If you use the specific WebFilter within a specific Firewall Policy, the MIME traffic would be [block | allow | exempt]. If you set action to "exempt", content will be bypassed from UTM features like antivirus.
Hope this is another possibility.
have fun
Andrea
