Block potentially malicious files with a Data Protection policy


Article ID: 178860


Products

Email Security.cloud

Issue/Introduction

 How to create a data protection policy to block attachments that are potentially malicious.

Resolution

Learn how to create a policy in Symantec Email Security.cloud Data Protection to restrict commonly exploited filetypes by extension.

Create a policy to block files

  1. In the Symantec.cloud portal, navigate to Services > Data Protection.
  2. Create a new Data Protection policy, and configure it as follows:
     
    • Name: Restricted file files
    • Apply to: Inbound email only. Other options are available, which depend on the scope you desire.
    • Execute if: All rules are met
    • Action: Redirect to Administrator. Other actions are available, which depend on the result you intend.
    • Administrator email: Configure a non-production administrator email address. This must be a non-production address because Data Protection policy administrators are automatically whitelisted from all Data Protection policies to avoid mail loops.
    • Notifications: None
       
  3. Add a new Rule, and configure it as follows:
    • Name: Restricted files
    • Set it to: ANY conditions are met
       
    • Add a new condition, Attachment Filename List.
    • Click Create a new filename List.
    • Name: Potential Malicious files

      The following entries are typical files blocked by Outlook 2010, but you can add more or remove some of the extensions as per your needs.

      Access Project Extension (Microsoft) *.ade
      Access Project (Microsoft) *.adp
      Executable Application *.app
      Active Server Page *.asp
      BASIC Source Code *.bas
      Batch Processing *.bat
      Internet Security Certificate File *.cer
      Compiled HTML Help *.chm
      DOS CP/M Command File, Command File for Windows NT *.cmd
      Command *.com
      Windows Control Panel Extension (Microsoft) *.cpl
      Certificate File *.crt
      csh Script *.csh
      DER Encoded X509 Certificate File *.der
      Executable File *.exe
      FoxPro Compiled Source (Microsoft) *.fxp
      Windows Help File *.hlp
      Hypertext Application *.hta
      Information or Setup File *.inf
      IIS Internet Communications Settings (Microsoft) *.ins
      IIS Internet Service Provider Settings (Microsoft) *.isp
      Internet Document Set, International Translation *.its
      JavaScript Source Code *.js
      JScript Encoded Script File *.jse
      UNIX Shell Script *.ksh
      Windows Shortcut File *.lnk
      Access Module Shortcut (Microsoft) *.mad
      Access (Microsoft) *.maf
      Access Diagram Shortcut (Microsoft) *.mag
      Access Macro Shortcut (Microsoft) *.mam
      Access Query Shortcut (Microsoft) *.maq
      Access Report Shortcut (Microsoft) *.mar
      Access Stored Procedures (Microsoft) *.mas
      Access Table Shortcut (Microsoft) *.mat
      Media Attachment Unit *.mau
      Access View Shortcut (Microsoft) *.mav
      Access Data Access Page (Microsoft) *.maw
      Access Add-in (Microsoft), MDA Access 2 Workgroup (Microsoft) *.mda
      Access Application (Microsoft), MDB Access Database (Microsoft) *.mdb
      Access MDE Database File (Microsoft) *.mde
      Access Add-in Data (Microsoft) *.mdt
      Access Workgroup Information (Microsoft) *.mdw
      Access Wizard Template (Microsoft) *.mdz
      Microsoft Management Console Snap-in Control File (Microsoft) *.msc
      Windows PowerShell *.msh
      Windows PowerShell *.msh1
      Windows PowerShell *.msh2
      Windows PowerShell *.mshxml
      Windows PowerShell *.msh1xml
      Windows PowerShell *.msh2xml
      Windows Installer File (Microsoft) *.msi
      Windows Installer Patch *.msp
      Windows SDK Setup Transform Script *.mst
      Office Profile Settings File *.ops
      Visual Test (Microsoft) *.pcd
      Windows Program Information File (Microsoft) *.pif
      Developer Studio Build Log *.plg
      Outlook Profile file *.prf
      Program File *.prg
      Windows PowerShell *.ps1
      Windows PowerShell *.ps1xml
      Windows PowerShell *.ps2
      Windows PowerShell *.ps2xml
      Windows PowerShell *.psc1
      Windows PowerShell *.psc2
      MS Exchange Address Book File, Outlook Personal Folder File (Microsoft) *.pst
      Registration Information/Key for W95/98, Registry Data File *.reg
      Windows Explorer Command *.scf
      Windows Screen Saver *.scr
      Windows Script Component, Foxpro Screen (Microsoft) *.sct
      Windows Shortcut into a Document *.shb
      Shell Scrap Object File *.shs
      Temporary File/Folder *.tmp
      Internet Location *.url
      VBScript File or Any VisualBasic Source *.vb
      VBScript Encoded Script File *.vbe
      VBScript Script File, Visual Basic for Applications Script *.vbs
      Visual Studio .NET Binary-based Macro Project (Microsoft) *.vsmacros
      Visio Workspace File (Microsoft) *.vsw
      Windows Script File *.ws
      Windows Script Component *.wsc
      Windows Script File *.wsf
      Windows Script Host Settings File *.wsh
      Exchange Public Folder Shortcut *.xnk
      Windows Help contents file *.cnt
      Windows Gadget *.gadget
      Windows program group file *.grp
      Help project file *.hpj
      JAVA archive file *.jar
      Manifest configuration file *.mcf
      Open software description file *.osd
      Perl script file *.pl
      Visual Basic project file *.vbp
      XAML browser application *.xbap
      ClickOnce Deployment Manifest File *.application
      ClickOnce Application Reference File *.appref-ms
      Active Server Page Extended *.aspx
      ASF Redirector File *.asx
      Borland Graphics Interface *.bgi
      Windows Cabinet File *.cab
      Microsoft Diagnostics Cabinet File *.diagcab
      HTML Component File *.htc
      Optical Disk Media File System *.iso
      Java Network Launching Protocol *.jnlp
      Windows Update File *.msu
      Printer backup File *.printerexport
      Windows PowerShell *.psd1
      Windows PowerShell *.psdm1
      Python Script *.py
      Python Script *.pyc
      Python Script *.pyo
      Python Script *.pyw
      Python Script *.pyz
      Python Script *.pyzw
      Desktop Theme File Settings *.theme
      Virtual Hard Disk *.vhd
      Virtual Hard Disk Extended *.vhdx
      Internet Printing File *.webpnp
      Pinned Site Shortcut from Internet Explorer *.website
      Excel Addin *.xll
    • Click Save.
    • Condition options:
      • Attachment filename: matches any of the filenames in the selected lists

Note: This section is optional; implement it if you have a source that needs to send you these types of files. Only a Sender Domain list is added here as an example, but you can instead use a Sender Group in which you list email addresses. Data Protection happens after the antivirus scan. If files are detected as malicious, they'll be blocked by the Antivirus service.
  

  1. Add a new Rule, and configure it as follows:
    • Name: Valid file senders
    • Set it to: ANY conditions are met
       
    1. Add a new condition, Sender Domain List
      • Click Create a new Domain List.
      • Name: Approved file senders
      • In this list we’ll add source domains deemed valid for the file restrictions above.
         
        • example.com
        • businesspartner.net
           
      • Click Save.
      • Condition options:
        • Domain of the sender: is in none of the selected lists
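The Python sketch below is an added example, not Symantec code: it models how the two rules above combine under "Execute if: All rules are met", so a filename list and a sender exemption can be checked against sample messages before the policy is enabled. The function names, the shortened pattern list and the sample messages are constructed for illustration, and the model assumes case-insensitive wildcard matching on filenames and exact matching on the sender domain, neither of which the article specifies.

```python
from fnmatch import fnmatchcase

# Subset of the article's "Potential Malicious files" list (shortened here).
BLOCKED_PATTERNS = ["*.exe", "*.js", "*.lnk", "*.iso", "*.ps1", "*.appref-ms"]
# The article's sample "Approved file senders" domain list.
APPROVED_DOMAINS = {"example.com", "businesspartner.net"}


def rule_restricted_files(attachments, patterns=BLOCKED_PATTERNS):
    """Rule 1 (ANY condition met): some attachment name matches a list entry.
    Assumption: names are compared case-insensitively as glob patterns."""
    return any(
        fnmatchcase(name.strip().lower(), pat.lower())
        for name in attachments
        for pat in patterns
    )


def rule_sender_not_approved(sender, approved=APPROVED_DOMAINS):
    """Rule 2: domain of the sender 'is in none of the selected lists'.
    Assumption: the domain must equal a list entry exactly."""
    domain = sender.rsplit("@", 1)[-1].strip().lower()
    return domain not in approved


def policy_action(sender, attachments):
    """Policy 'Execute if: All rules are met' -> Redirect to Administrator."""
    if rule_restricted_files(attachments) and rule_sender_not_approved(sender):
        return "redirect_to_administrator"
    return "deliver"


# Constructed sample messages: (sender, attachment filenames).
SAMPLES = [
    ("alice@unknown.test", ["invoice.pdf"]),
    ("bob@unknown.test", ["Invoice.PDF.EXE"]),      # double extension
    ("carol@businesspartner.net", ["build.iso"]),   # exempt sender
    ("dave@sub.example.com", ["setup.js"]),         # subdomain is not exempt here
    ("erin@unknown.test", ["notes.json", "report.docx"]),
]

if __name__ == "__main__":
    for sender, files in SAMPLES:
        print(f"{policy_action(sender, files):27} {sender} {files}")
```

Because the second rule is a negated list check, a message from an approved domain fails that rule and the policy does not execute, which is what exempts those senders from the file restriction.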
           

Additional information

Attachments

1657877232266__Extension List Article 178860.txt