Filtering files by file type

 

Applies to: Forefront Protection 2010 for SharePoint

You can filter certain file types in Microsoft Forefront Protection 2010 for SharePoint (FPSP). To filter by file type, set the Filter criteria - by file type selection to the exact file type you want to filter, and then type an asterisk (*) as the file name.

For example, you can set the file type to PKZip, and then type * as the file name. This ensures that all PKZip files are filtered, no matter what their file name or extension.

One advantage of using the * wildcard and associating it with a specific file type (for example, PKZip) is that it prevents users from bypassing the filter by changing the extension or name of a file. Also, FPSP works more efficiently if you select the appropriate file type rather than selecting all file types.

For more information about file types you can use in creating file filters, see File types used in creating file filters.

Note

For Microsoft Office 2007 documents (for example, Word, Excel, and PowerPoint), you should use the proper file extension in the Filter Criteria - By File Name box, and then, in the Filter Criteria - By File Type list, click Microsoft Office OpenXML.

Note

Embedded files within a Microsoft Office 2007 (OpenXML) file are not filtered. For example, if you create a file filter list that filters .wmf file extensions (*.wmf), and a .wmf file is embedded within an Office (OpenXML) file, the .wmf file is not filtered. You can use the following Windows PowerShell extended option to enable the filtering of embedded files within an Office 2007 (OpenXML) file:

New-FsspExtendedOption -Name EnableOOXMLFilter -Value true

However, if you enable file filtering for OpenXML files in this manner, the entire contents of the OpenXML file are deleted, not just the .wmf file, and an "UnwritableCompressedFile" incident is logged.
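The following Python script is an added example, not code from the original page or from FPSP. It illustrates content-based type identification: a renamed PKZip file is still recognized by its signature, and a .wmf file sits as a member inside an OpenXML container, where a name filter applied to the outer file does not see it. The signature check, the function names, and the constructed sample files are assumptions for illustration; the page does not describe how FPSP identifies file types internally.

```python
import io
import zipfile

# PKZip signatures: local file header, and end-of-central-directory (empty archive).
PKZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")

def is_pkzip(data: bytes) -> bool:
    """Identify a PKZip container by its leading bytes, ignoring the file name."""
    return data.startswith(PKZIP_MAGIC)

def is_ooxml(data: bytes) -> bool:
    """An Office OpenXML file is a PKZip container holding [Content_Types].xml."""
    if not is_pkzip(data):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False

def embedded_matches(data: bytes, blocked_exts=(".wmf",)) -> list:
    """List members of an OpenXML container whose extension is on the blocked list."""
    if not is_ooxml(data):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(tuple(blocked_exts))]

def build_sample_docx(with_wmf: bool) -> bytes:
    """Constructed sample: a minimal OpenXML-shaped zip, not a real Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_wmf:
            zf.writestr("word/media/image1.wmf", b"\xd7\xcd\xc6\x9a")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed inputs: name -> content
        "report.docx": build_sample_docx(with_wmf=True),
        "renamed.txt": build_sample_docx(with_wmf=False),  # container renamed to .txt
        "notes.zip": b"plain text with a .zip extension",
    }
    for name, data in samples.items():
        print(name, is_pkzip(data), is_ooxml(data), embedded_matches(data))
```

Running embedded_matches over an export of a document library before enabling EnableOOXMLFilter shows which documents contain a filtered member and would therefore be deleted in their entirety.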

Example: Using file-filtering to allow only Microsoft Office documents through

You can use file filter lists in order to disallow some file types and permit others. For example, you can create filter lists that disallow all files, with the exception of Microsoft Office documents. It takes two file filter lists for this to work properly; the steps for creating these two filter lists are described in the following procedures.

Note

Be sure to create the file filter list that permits Office documents first, then the file filter list that disallows all files. This is because the filter lists are applied in the order that they were created (from oldest to newest). You can reorder file filter lists at any time; for details about how to do this, see "Changing the order of file filter lists" in Viewing and managing filter lists.

To create a file filter list that permits Office files

  1. In the Forefront Protection 2010 for SharePoint Administrator Console, click Policy Management, and then under the Filters section, click Filter Lists.

  2. In the Filters – Filter Lists pane, click the Create button.

  3. In the Select Filter Type dialog box, select File and then click Next.

  4. In the Select Your Goal dialog box, select Filter files of specific types AND with specific name patterns and then click Next.

  5. In the Select File Types dialog box, specify the filter list name and filter details:

    1. In the Filter list name box, type a name for the new list.

    2. In the Filter criteria - by file type section, select all Microsoft Office file types (for example, Microsoft Office OpenXML).

  6. In the Select File Names dialog box, in the Filter criteria - by file name section, type * as the file name, click Add, and then click Next. Using * filters all files, regardless of the file name or extension.

  7. In the Realtime Scan, Scheduled Scan, and On-Demand Scan dialog boxes, configure how you want the filter list to be applied to the realtime, scheduled, and on-demand scans:

    1. Using the Enabled drop-down list, select Yes.

    2. Using the Action drop-down list, select Skip detect. Note that this will generate an incident log entry for almost every document.

    3. Using the Quarantine files drop-down list, select No. This avoids adding a large number of quarantined items to the database.

    4. Click Create. The filter list you just created appears on the Filters – Filter Lists pane.

Next, create a filter list to disallow all files. As long as the file filter list that permits Office files is applied first, Office files are permitted and all other files are purged.

To create a filter list that disallows all types of files

  1. In the FPSP Administrator Console, click Policy Management, and then under the Filters section, click Filter Lists.

  2. In the Filters – Filter Lists pane, click the Create button.

  3. In the Select Filter Type dialog box, select File and then click Next.

  4. In the Select Your Goal dialog box, select Filter files with specific name patterns and then click Next.

  5. In the Select File Names dialog box, specify the filter list name and file name:

    1. In the Filter list name box, type a name for the new list.

    2. In the Filter criteria - by file name section, type * as the file name, click Add, and then click Next.

  6. In the Realtime Scan, Scheduled Scan, and On-Demand Scan dialog boxes, configure how you want the filter list to be applied to the realtime, scheduled, and on-demand scans:

    1. Using the Enabled drop-down list, select Yes.

    2. Using the Action drop-down list, select Suspend for the realtime scan and Delete for the scheduled and on-demand scans.

    3. Using the Quarantine files drop-down list, select Yes.

    4. Click Create. The filter list you just created appears on the Filters – Filter Lists pane.

See Also

Concepts

Creating a file filter list