1 | General Information | |
---|---|---|
2 | Topic | Comment |
3 | Motive | Companies often struggle with identifying which file extensions/types to block within their email security gateway mechanisms. This list was created to provide a foundation for such decisions. Relying on a crowd-sourcing model of input allows us as a community to amass a solid list of file types along with reasons for blocking each file type. |
4 | Disclaimer | PLEASE make sure to test any blocks you choose to implement with a smaller subset of your infrastructure. We make no claim that outright blocking of the items included within this document won't lead to catastrophe within your org :). |
5 | Known Issues | n/a |
6 | First Release | 9/16/2020 |
7 | License | CC Creative Commons - Attribution 4.0 International (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/ |
8 | Access Rights | Everyone: READ / COMMENT Invited Editors: READ / COMMENT / WRITE |
9 | Support | Please contact Ryan Chapman (@rj_chap) if you would like to modify or add content to the block list. Please provide your email address if you are interested in helping with this document (preferably GMail since we're using GSuite here) |
10 | Short URL | https://for528.com/blocklist |
11 | Note | Document design shamelessly borrowed from Florian Roth -- https://twitter.com/cyb3rops |
12 | Contributors | Thanks to all those who contribute!! |
13 | Name / Nickname | Twitter Handle |
14 | Ryan Chapman | @rj_chap |
15 | Will Ikard | @verusprodigy |
1 | File Suffix | Description | File Type | Priority (1-5) | Business Impact (1-5) | Reason(s) to block | General Notes | Cited Examples |
---|---|---|---|---|---|---|---|---|
2 | .ade | 1 | 1 | |||||
3 | .adp | 1 | 1 | |||||
4 | .apk | Android APK file | Program | 1 | 1 | |||
5 | .appx | 1 | 1 | |||||
6 | .appxbundle | 1 | 1 | |||||
7 | .bat | Windows batch scripting file | Script | 1 | 2 | |||
8 | .cab | Windows cabinet (CAB) file | Archive | 1 | 1 | |||
9 | .chm | 1 | 1 | |||||
10 | .cmd | 1 | 1 | |||||
11 | .com | Windows COM command | 1 | 1 | ||||
12 | .cpl | Windows Control Panel | 1 | 1 | ||||
13 | .crt | 1 | 1 | |||||
14 | .dll | Windows Dynamic Linked LIbrary (PE) | 1 | 1 | ||||
15 | .dmg | Mac disk image file | Disk image | 1 | 2 | |||
16 | .doc | MS Word Document | Document | 2 | 5 | |||
17 | .docm | MS Word Document - Macro enabled! | Document | 2 | 4 | |||
18 | .docx | MS Word Document (OOXML version) | Document | 2 | 5 | |||
19 | .exe | Windows executable (PE) | Program | 1 | 1 | |||
20 | .hta | HTML Application file | 1 | 1 | Read by mshtma.exe | |||
21 | .ins | 1 | 1 | |||||
22 | .iso | Disk image | 1 | 1 | ||||
23 | .isp | 1 | 1 | |||||
24 | .jar | Java JAR file | Program | 1 | 2 | |||
25 | .js | JavaScript script file | Script | 1 | 1 | |||
26 | .jse | JavaScript script file | Script | 1 | 1 | |||
27 | .lib | 1 | 1 | |||||
28 | .lnk | 1 | 1 | |||||
29 | .mde | 1 | 1 | |||||
30 | .msc | 1 | 1 | |||||
31 | .msi | Windows Microsoft Installer file (PE) | Program | 1 | 1 | |||
32 | .msix | 1 | 1 | |||||
33 | .msixbundle | 1 | 1 | |||||
34 | .msp | 1 | 1 | |||||
35 | .mst | 1 | 1 | |||||
36 | .nsh | 1 | 1 | |||||
37 | Portable Document Format document | Document | 2 | 5 | ||||
38 | .pif | 1 | 1 | |||||
39 | .ps1 | 1 | 2 | |||||
40 | .reg | 1 | 1 | |||||
41 | .rtf | Rich Text Format text document | Document | 2 | 5 | |||
42 | .scr | 1 | 1 | |||||
43 | .sct | 1 | 1 | |||||
44 | .shb | 1 | 1 | |||||
45 | .sys | 1 | 1 | |||||
46 | .tiff | Graphic | 1 | 1 | https://searchsecurity.techtarget.com/answer/Attack-by-TIFF-images-What-are-the-vulnerabilities-in-LibTIFF | |||
47 | .vb | 1 | 1 | |||||
48 | .vbe | Windows VisualBasic script - encoded | Script | 1 | 1 | |||
49 | .vbs | Windows VisualBasic script | Script | 1 | 2 | |||
50 | .vxd | 1 | 1 | |||||
51 | .wsc | 1 | 1 | |||||
52 | .wsf | 1 | 1 | |||||
53 | .wsh | Windows Scripting Host Script | Script | 1 | 1 | |||
54 | .zip | A ZIP archive | Archive | 1 | 4 |