This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

File Blocking not recognizing .docx or .xlsx files.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

File Blocking not recognizing .docx or .xlsx files.

Networking2017
L2 Linker

‎08-09-2021 08:47 AM

I just created a new file blocking profile and added xlsx, pdf, docx and multi-level-encoding.  I set the action to alert.  I want to monitor the found traffic prior to implementing a block rule.

 

When I download a PDF file from the Internet, the vent is logged in the Monitor/Data Filtering.

 

When I download a .docx or .xlsx file, it is not logged in  the Monitoring/Data Filtering.

 

What am I missing?

 

Thanks

0 Likes Likes
8 REPLIES 8

Remo
L7 Applicator

‎08-09-2021 09:21 AM

Hi @Networking2017 

Docx and xlsx files are basically zip files, so to see the initial file you should also add zip. But to address your problem, try to add another rule to the fileblocking profile where you log all filetypes. This way you should see in the logs which filetypes you need to add also. 

0 Likes Likes

Remo
L7 Applicator
In response to Remo

‎08-09-2021 10:47 AM

@Networking2017 do you download the office documents from the same server as the pdf?

0 Likes Likes

Networking2017
L2 Linker
In response to Remo

‎08-09-2021 11:27 AM

No.  Different servers.  I think I need to get decryption working.  That way the file blocking can decrypt and see the attachement correctly.

 

0 Likes Likes

Remo
L7 Applicator
In response to Networking2017

‎08-09-2021 11:42 AM

@Networking2017 that would have been my next question - the part about decryption ; )

0 Likes Likes

Networking2017
L2 Linker
In response to Networking2017

‎08-09-2021 11:49 AM

Thanks for replying.  Do you typically push out the decryption cert using Active Directory or some other method for domain joined computers?

0 Likes Likes

Remo
L7 Applicator
In response to Networking2017

‎08-09-2021 12:08 PM

Yes, usually with group policies the certs are pushed to the clients. If you use global protect you can also install a cert this way onto the clients that connect to the portal.

Networking2017
L2 Linker
In response to Remo

‎08-13-2021 08:23 AM

Once I setup decryption, I was able to block the docx and xlsx files.  Thanks.

 

Another question...If I block the file, is there any way to actually retrieve the blocked file like an email filter does?

0 Likes Likes

Remo
L7 Applicator
In response to Networking2017

‎08-13-2021 11:42 AM

Paloalto does it's analysis of the traffic atream-based and not with store-and-forward-method (like almost all email gateways operate).

In short, no, unfortunately this is not possible to retrieve the file.

0 Likes Likes
  • 5581 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks