Blocking All But Microsoft Office Files

  • Article

My name is Kurt and I work in the FSS test group here on Long Island. In addition to testing products before they are released, we also work with PSS to help resolve customer issues. Often we are asked to work on configuration problems customers are having.

 

A common question Forefront customers often ask about is blocking specific file types. In the case I am writing about here, however, users have asked to block ALL file types except Microsoft Office files (including Powerpoint files, Excel files etc.). It is possible to set up Forefront File Filtering to accomplish this, but it takes two file filters to make it work properly.

Here are the steps to follow if you would like to only allow MS Office files as attachments:

File Filter 1: To Allow Office Documents through.

1. Open the Forefront Server Security Administrator

2. Click Filtering – File Filtering

3. Create a new filter by clicking on Add

4. Enter * at the edit field

5. Uncheck All File Types

6. Select the following File Types: TNEF, DOC, OPENXML, WINEXCEL1, WINWORD1&2

7. Select Skip: detect only as the action

8. Uncheck Quarantine Files

9. Click Save

Screenshot for File Filter Allowing Office Documents

File Filter 2: To block all other files

1. Open the Forefront Server Security Administrator

2. Click Filtering – File Filtering

3. Create a new filter by clicking on Add

4. Enter * at the edit field

5. Select All File Types

6. Select Block or Purge as applicable

7. Select a Quarantine setting

8. Select a Send Notifications setting

9. Click Save

Screenshot for File Filter to Block All Other Files

NOTES:

· Be sure that File Filter 2 is below File Filter 1 in the list of File Filters as this is the order that the filters are applied.

· If you have too many Office files detected it may greatly increase the size of your incidents log, so you should be sure to monitor the log.

· TNEF is included in Step 6 for creating the first filter, because it is the “wrapper” around file attachments. If this file type was filtered in the second filter, then no attachments at all would be allowed through.

Kurt Wasserman 

Forefront Server Security SDET