Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Aaron_Abrincia_Meimb
New Contributor II

How to block .exe files that is downloadable in the internet

Hi Engineers, Can you please help on how to block .exe files that is downloadable in the internet. Regards Aaron
Network Engineer
Network Engineer
3 REPLIES 3
Christopher_McMullan

You could block them via a file-type or file pattern blacklist in DLP or an A/V profile, depending on the direction of the traffic. For inbound files from outbound sessions (web browsing, etc.), create a DLP blacklist specifying *.exe as a wildcard for file pattern. Add the list to an A/V profile applied to the outbound traffic.

Regards, Chris McMullan Fortinet Ottawa

Adrian_Buckley_FTNT

The weakness with blocking by names is that it' s easy to get around. .ex1 .ex_ Simple renaming will defeat it. A more accurate detection would be to use DLP and block " executables" as a file type, rather then a name pattern.
AndreaSoliva
Contributor III

Hi the note to change from pattern to type is absolutly correct. Keep in mind that you can also block stuff over MIME header which means usefully specially for not defined files etc. within file type or for specific stuff like bypassing radio streams from antivirus etc. how to do it: 1. Do a capture of this file, streaming or whatever you would like to reach with Capturing or Wireshark etc. What is important is to see the mime header like (we are looking or the " Content-Type" : Hypertext Transfer Protocol HTTP/1.0 200 OK\r\n Request Version: HTTP/1.0 Response Code: 200 Server: DCLK-AdSvr\r\n Content-Type: video/x-ms-asf\r\n X-Google-Inred-Content-Type: video/x-ms-asf\r\n Content-Length: 410\r\n Content-Encoding: gzip\r\n Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n Request Version: HTTP/1.1 Response Code: 200 Last-Modified: Mon, 14 Sep 2009 00:40:51 GMT\r\n Content-Type: video/x-flv\r\n Content-Length: 200994\r\n Connection: close\r\n Content-Disposition: attachment; filename=" video.flv" \r\n Expires: Thu, 29 Oct 2009 09:06:24 GMT\r\n Cache-Control: public,max-age=3600\r\n Date: Thu, 29 Oct 2009 08:06:24 GMT\r\n Server: gvs 1.0\r\n 2. Configure a Content Header entry: # config webfilter content-header # edit [Use an Integer example " 1" ] # set comment [set a comment] # config entries # edit " video\\/.*" # set action [block | allow | exempt] # next # edit " audio\\/.*" # set action [block | allow | exempt] # next # end # set name [Name for " Content-Header" example " block-video-exempt-audio" ] # next # end Use this Content Header entry within WebFiter: # config webfilter profile # edit [Name of the profile] # config web # set content-header-list [Integer of the Content Header entry " 1" ] # end # next # end Thats it......if you use the specific WebFilter within a specific Firewall Policy the Mime Traffic would be [block | allow | exempt]. If you set action to " exempt" content will be bypassed from utm features like antivirus. hope this is another possibilty have fun Andrea
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors