Prohibit Intercept X Advanced users from downloading .exe, .scr files

For users, I'd like to prohibit incoming file data via all applications (Outlook, web browser, etc.): .exe, .scr or malware-injected data files like pdf, jpg, mp3 (steganography) etc. from the internet.

Can Sophos identify and manage it?
What kind of policy would do it?

  • Hi  

    You can configure blocking of risky file types under Web Control policy > Additional security options: configure access to advertisements, uncategorized sites, and risky downloads. Kindly refer to this document for more information. When Sophos Anti-Virus/Sophos Intercept X encounters malware, it will prevent execution and then attempt to automatically clean the threat.

  • Hey Can carmack,

    Not sure if you're asking if you can block the inbound files by type from entering your network or if you're asking if Intercept will block files that contain malware. So, I'll answer both...

    Files containing malware - Intercept X won't stop the files from coming into your environment, but when the files are accessed they will be scanned and if containing malware will be blocked/quarantined and cleaned. Intercept has to see the files before it can scan them :)

    Blocking file downloads/attachments etc - yes and no - you could configure Web Control to block downloads, but that will only apply to files that are downloaded from within a browser. 

    You could use a DLP policy to block by file type, but that would also block files being attached to Outlook for internal mail too.

    If you want to only block data from being downloaded over the internet regardless of application, you would need to leverage other technologies such as firewalls and email gateways.

    Joe

  • Thanks for the explanation.

    As you know, users are mostly operating remotely these days. So if there is a way to block selected file extensions at network level, please help (we have a Sophos XG device).

    As I understand, we can only prohibit file access in Intercept-X.

  • In reply to Can carmack:

    Hi  

    I understand your concern, but these are settings available on the endpoint. For network-level configuration, I would suggest you post your query in the Sophos XG forum so that other users can also share their thoughts if that is possible.