Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
The best way to block .exe and .bat file types using Threat Emulation technologies is to use the command 'tecli advanced attributes set prohibited_file_types.exe.bat'. This approach uses Threat Emulation's own settings to specify and restrict file types. The other options (creating a firewall rule, enabling .exe and .bat protection in the IPS policy, and enabling DLP) are not as directly tied to the configuration of Threat Emulation technologies and may not effectively achieve the desired outcome.
tecli advanced attribute set prohibited_file_types <file_type1>,<file_type2>
DLP, IPS and FW blades have nothing to do with Threat Emulation Blade. Correct answer is D
I guess it was a typo and you meant to say that the correct option was B.
https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/taiwan/422/1/Check%20Point%20Sandblast%20PoC%20Guide%20v91.pdf page 101
To block certain filetypes inside archives (which is currently not possible with AV filetype blocking) use the following TECLI command:
Enabling prohibited file types in archives
On the gateway, run the command:
    tecli advanced attribute set prohibited_file_types ,
For example to block every archive that contains an exe file run:
    tecli advanced attribute set prohibited_file_types exe
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwiy0KnOsaD-AhUsDrkGHWKKCdkQFnoECBsQAQ&url=https%3A%2F%2Fcommunity.checkpoint.com%2Ffyrhh23835%2Fattachments%2Ffyrhh23835%2Ftaiwan%2F422%2F1%2FCheck%2520Point%2520Sandblast%2520PoC%2520Guide%2520v91.pdf&usg=AOvVaw2lFqrrDbxyZjVDORA-Jh9E
Sorry, my mistake, it's B
Correct answer is A