Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
The best way to block .exe and .bat file types using Threat Emulation technologies is to set these file types as prohibited using the tecli command. This method directly targets the specific file types and leverages advanced threat emulation capabilities to ensure that these dangerous file types are effectively blocked.
Answer is D
Answer is B
https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/taiwan/422/1/Check%20Point%20Sandblast%20PoC%20Guide%20v91.pdf page 101 To block certain filetypes inside archives (which is currently not possible with AV filetype blocking) use the following TECLI command: Enabling prohibited file types in archives On the gateway, run the command: tecli advanced attribute set prohibited_file_types , For example to block every archive that contains an exe file run: tecli advanced attribute set prohibited_file_types exe