we see a lot of files with extension docm attacking the mailserver via smtp and identified as malicious by wildfire. is there a way to simply block those files via File Blocking profile like we are doing for pe and other file types. The point is that there is no possibility to choose such file type in File Blocking profile.
Any other idea?
Solved! Go to Solution.
not sure if .docm are 'special' in any way, but have you tried regular doc and docx ? file types are identified by more than just their extention and if the docm files match regular 'microsoft office word' formatting, either .doc or .docx should match
There really isn't anything special with docm except for the fact that it by default is macro enabled. If you block msoffice you should effectively block docm files as well.
I'm going to guess that you are looking at specifically docm files, which I do not believe is a registered file type with PA. It may be worth creating a custom signature and blocking them like that, however you could just as easily have your System Admin enable a group policy that disables your end-users access to Macros in Word and Excel. That way even if you can't get the docm file extension blocked your users would at least not be able to open them.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!