How to block additional file types?

Showing results for 
Search instead for 
Did you mean: 

How to block additional file types?

Not applicable

Hello guys,

Can you please advise how we can restrict access to file types such are .vbs and .msi?

These types are not available in the File block list.

Kind Regards,



L4 Transporter


We just added MSI to this weeks content release. You should see it

show up if you upgrade to content update 150. We don't currently have

support for VBS files but we can take a look at adding support for

them in a future content release.


Thanks for the quick reply, I've just updated and added .msi to the block list.

Would it be possible to investigate if the following file types can be blocked?




















Many thanks,


I'd like to add .xap files.  Silverlight uses these.


Thanks for the suggestion. Can you tell me how controlling xap files differs from controlling silverlight as an application via App-ID?


Hi Alfred,

I have noticed the file transfer blocking doesn’t work as expected. If a rule is in place blocking any file transfer using gmail or any other web-mail (Gmail not GTALK file transfer), it doesn’t work for file-types apart from the once mentioned in the list e.g. .TXT, .PCAP etc. If I select "ANY" as an option, that should block any attachments irrespective of the file-type or the extension. Even if PAN NGFW manages to block it, using a classic uploader option on gmail, the file goes right through. This is just a matter of checking a check-box on the settings page of the Gmail account, which an end user can easily do. I have tried the same with multiple web mails, attachment blocking doesn’t work for non listed file types, when the file type is selected as “ANY” in the file blocking profile.

Any advice would be appreciated.


Sumukh Rao

Hi Sumukh,

As I told you, any means any of the below file types. It is a bit misleading.


L6 Presenter

Enclosed is a custom appID to detect for .jpg images.  The signature is looking for the end of the URI path and matching on  the string ‘\.jpg HTTP’ without the quote.  This will work for web-browsing apps only, and a typical web request would look like this:

GET .../images/twitter_corp.jpg HTTP/1.1\r\n

GET .../pictures/logo.jpg HTTP/1.1\r\n

You can import this appID into the PAN device under Objects ==> Application.  Once verified, you can clone the app and change the app signature to match other file types like .scr, .pif, etc.

Are you decrypting the Gmail session so that the PA unit can actually see the upload?




Is there any update on blocking the below list of file types please?




Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!