Blocking All But Microsoft Office Files


My name is Kurt and I work in the FSS test group here on Long Island.  In addition to testing products before they are released, we also work with PSS to help resolve customer issues.  Often we are asked to work on configuration problems customers are having. 


 


A common question Forefront customers often ask about is blocking specific file types.  In the case I am writing about here, however, users have asked to block ALL file types except Microsoft Office files (including Powerpoint files, Excel files etc.).  It is possible to set up Forefront File Filtering to accomplish this, but it takes two file filters to make it work properly.


 


Here are the steps to follow if you would like to only allow MS Office files as attachments:


 


File Filter 1: To Allow Office Documents through.


1.    Open the Forefront Server Security Administrator


2.    Click Filtering – File Filtering


3.    Create a new filter by clicking on Add


4.    Enter * at the edit field


5.    Uncheck All File Types


6.    Select the following File Types: TNEF, DOC, OPENXML, WINEXCEL1, WINWORD1&2


7.    Select Skip: detect only as the action


8.    Uncheck Quarantine Files


9.    Click Save


 


Screenshot for File Filter Allowing Office Documents


 


 


File Filter 2: To block all other files 


1.    Open the Forefront Server Security Administrator


2.    Click Filtering – File Filtering


3.    Create a new filter by clicking on Add


4.    Enter * at the edit field


5.    Select All File Types


6.    Select Block or Purge as applicable


7.    Select a Quarantine setting


8.    Select a Send Notifications setting


9.    Click Save


 


Screenshot for File Filter to Block All Other Files


 


NOTES:


·         Be sure that File Filter 2 is below File Filter 1 in the list of File Filters as this is the order that the filters are applied.


·         If you have too many Office files detected it may greatly increase the size of your incidents log, so you should be sure to monitor the log.


·         TNEF is included in Step 6 for creating the first filter, because it is the “wrapper” around file attachments.  If this file type was filtered in the second filter, then no attachments at all would be allowed through.


 


 


Kurt Wasserman 


Forefront Server Security SDET

Comments (2)

  1. Anonymous says:

    Ein schon etwas älterer, aber für Administratoren bestimmt interessanter Artikel aus dem Forefront Server

  2. Anonymous says:

    Hi,

    Can someone advise how we can block embedded macro in office documents as well as {classid} files?