Filtering files by file type

You can filter certain file types in Microsoft Forefront Protection 2010 for SharePoint (FPSP). To filter by file type, set the Filter criteria - by file type selection to the exact file type you want to filter, and then type an asterisk (*) as the file name.

For example, you can set the file type to PKZip, and then type * as the file name. This ensures that all PKZip files are filtered, no matter what their file name or extension.

One advantage of using the * wildcard and associating it with a specific file type (for example, PKZip) is that it prevents users from bypassing the filter by changing the extension or name of a file. Also, FPSP works more efficiently if you select the appropriate file type rather than selecting all file types.

For more information about file types you can use in creating file filters, see File types used in creating file filters.

Note:
For Microsoft Office 2007 documents (for example, Word, Excel, and PowerPoint), you should use the proper file extension in the Filter Criteria - By File Name box and then in the Filter Criteria - By File Type list, click Microsoft Office OpenXML.

Note:
Embedded files within a Microsoft Office 2007 (OpenXML) file are not filtered. For example, if you create a file filter list that filters .wmf file extensions (*.wmf), and a .wmf file is embedded within an Office (OpenXML) file, the .wmf file is not filtered. You can use the following Windows PowerShell extended option to enable the filtering of embedded files within an Office 2007 (OpenXML) file:

Note:

Embedded files within a Microsoft Office 2007 (OpenXML) file are not filtered. For example, if you create a file filter list that filters .wmf file extensions (*.wmf), and a .wmf file is embedded within an Office (OpenXML) file, the .wmf file is not filtered. You can use the following Windows PowerShell extended option to enable the filtering of embedded files within an Office 2007 (OpenXML) file:

New-FsspExtendedOption -Name EnableOOXMLFilter -Value true

However, if you enable file filtering for OpenXML files in this manner, the entire contents of the OpenXML file are deleted, not just the .wmf file, and an "UnwritableCompressedFile" incident is logged.

Filtering files by selecting all file types

If you want to select all file types for a file filter list, it is recommended that you use PowerShell since it handles the search for all file types more efficiently than if you click Select All for the Filter criteria - by file type selection in the user interface. When you click Select All for the Filter criteria - by file type selection, FPSP only filters the file types listed in File types used in creating file filters, whereas PowerShell enables you to filter every possible file type.

To filter files by all file types

Click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.
To select all file types for a new file filter list, type the following command:

New-FsspFilterList –File –List ListName -FileType "ALL"

If you want to select all file types for a new file filter list, while also filtering on all files with an .exe file extension, you would type the following command:

New-FsspFilterList –File –List ListName –Item “*.exe*" -FileType "ALL"

Note:

To configure an existing file filter list, use the Set-FsspFilterList cmdlet. It uses the same syntax.

Note:
To configure an existing file filter list, use the `Set-FsspFilterList` cmdlet. It uses the same syntax.

Example: Using file-filtering to allow only Microsoft Office documents through

You can use file filter lists in order to block some file types and permit others. For example, you can create filter lists that block all files, with the exception of Microsoft Office documents. It takes two file filter lists for this to work properly; the steps for creating these two filter lists are described in the following procedures.

Note:
Be sure to create the file filter list that permits Office documents first, then the file filter list that blocks all files. This is because the filter lists are applied in the order that they were created (from oldest to newest). You can reorder file filters lists at any time; for details about how to do this, see "Changing the order of file filter lists" in Viewing and managing filter lists.

To create a file filter list that permits Office files

In the Forefront Protection 2010 for SharePoint Administrator Console, click Policy Management, and then under the Filters section, click Filter Lists.
In the Filters – Filter Lists pane, click the Create button.
In the Select Filter Type dialog box, select File and then click Next.
In the Select Your Goal dialog box, select Filter files of specific types AND with specific name patterns and then click Next.
In the Filter Details dialog box, specify the filter list name and filter details:
1. In the Filter list name box, type a name for the new list.
2. In the Filter criteria - by file type section, select all Microsoft Office file types (for example, Microsoft Office OpenXML).
3. In the Filter criteria - by file name section, type * as the file name, click Add, and then click Next. Using * filters all files, regardless of the file name or extension.
In the Target dialog box, configure how you want the filter list to be applied to the realtime, scheduled, and on-demand scans:
1. Using the Enabled drop-down list, select Yes.
2. Using the Action drop-down list, select Skip detect. Note that this will generate an incident log entry for almost every document.
3. Using the Quarantine files drop-down list, select No. This avoids adding a large number of quarantined items to the database.
4. Click Create. The filter list you just created appears on the Filters – Filter Lists pane.

Next, create a filter list to block all files. As long as the file filter list that permits Office files through executes first, Office files are permitted and all other files are purged.

To create a filter list that blocks all types of files

In the FPSP Administrator Console, click Policy Management, and then under the Filters section, click Filter Lists.
In the Filters – Filter Lists pane, click the Create button.
In the Select Filter Type dialog box, select File and then click Next.
In the Select Your Goal dialog box, select Filter files with specific name patterns and then click Next.
In the Select File Names dialog box, specify the filter list name and file name:
1. In the Filter list name box, type a name for the new list.
2. In the Filter criteria - by file name section, type * as the file name, click Add, and then click Next.
In the Target dialog box, configure how you want the filter list to be applied to the realtime, scheduled, and on-demand scans:
1. Using the Enabled drop-down list, select Yes.
2. Using the Action drop-down list, select Block for the realtime scan and Delete for the scheduled and on-demand scans.
3. Using the Quarantine files drop-down list, select Yes.
4. Click Create. The filter list you just created appears on the Filters – Filter Lists pane.

Filtering files by selecting all file types

Example: Using file-filtering to allow only Microsoft Office documents through

Related Topics

Concepts