Policy - File Restrictions
Available in the Policy Editor popup You can either allow or restrict a list of file extensions that applies to the secure storage partition of the devices. This option can be used to enable anti-malware protection as many organizations do not allow executable file formats on removable media. The feature only filters on the file extension, but this means that the files won’t be able to run on the host machine - thus there is no need to analyze the file header.
Note: File Restriction will allow files placed directly on the drive by the device client, including files needed for Anti-Malware and Publisher, if applicable. The following configurations are available:
• Enable File Restrictions on devices - checkbox
– Select this checkbox to limit the types of files users may save to their device. You can also define which file extensions are affected by the policy (for example .exe,.dll, etc) and the restriction mode, which allows you to Restrict or Allow. If you select “Restrict”, users will not be able to save the file types you specified to their device. If you select “Allow”, users will be able to save only the file types you specified to their device.
– File Type Extensions - text input - Enter the file types that you would like to change permissions for here with file extensions comma-separated such as: exe, dll, com. . .
– Restriction Mode
* Restrict These Files (Blacklist) - the device software will immediately delete any files that DO MATCH the file extension listed in the File Type Extensions.
* Allow Only These Files (Whitelist) - the device software will immediately delete any files that DO NOT MATCH the file extension listed in the File Type Extensions.
-Example File Type Extensions input It is popular to Restrict these executable file formats exe, dll, com, bat, js, jse, msi, msp, ocx, reg, sct, scr, sys, vb, vbe, vbs, wsc, wsf
-Policy device user interactions: The users are not alerted that the policy is activated. If a file is blocked from being stored on the secure storage partition, the user will be notified that Some files have been blocked to protect your computer: [filepaths-listed]. The file is deleted from the device’s secure storage. Note: you may have to refresh the file explorer to confirm that the deletion has taken place.