Hi all,
I've got a Fortigate 200E Cluster running with FortiOS 5.4.4.
I was trying to block JavaScript files that are contained in zip archives,
but I don't want to block all JavaScript or all zip archives.
Is it possible to block those files only in this particular condition?
The background: a flood of emails with links to such files, and if a user opens the zip and launches the .js, it triggers a download
of a disguised malware which will be renamed by the script to an *.exe file and then be executed.
Pretty hard to detect.
Please help.
Regards,
the giraffe that wasnt president
sudo apt-get-rekt
Hi,
I have also been looking for this, and it might be possible with an IPS signature, but I don't think there is a way in DLP.
While I'm searching I have turned off the possibility to run .js files on our computers via "Software Restrictions" in Group Policy Management.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Hi,
Unfortunately you are right, there is no way in DLP to solve this.
It would be very much appreciated if Fortinet would make an "and"/"or" rule to combine the filters in the sensor.
Your "workaround" does it very well and it doesn't affect the .js files that are executed in the browser, which I was afraid of.
Thanks for your comment and for the hint.
Regards
the giraffe that wasnt president
sudo apt-get-rekt
No problem ;)
You can also do the same for .vbs, but make sure no software is using it; then you need to make an exception.
FCNSA, FCNSP
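The combined condition asked about in this thread (the file is a zip archive and it contains a script file), as an added example that is not part of any post here and is not FortiOS functionality: a Python check that a mail or file-scanning step could run on an attachment. The function names, the extension list and the limits are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Assumption: the script extensions to flag; .js and .vbs are the two named in the thread.
SCRIPT_EXTS = (".js", ".vbs")
MAX_DEPTH = 3                   # assumption: how deep to follow zips inside zips
MAX_MEMBER_BYTES = 20 * 2**20   # assumption: skip nested archives declared larger than this


def find_scripts(data, depth=0, prefix=""):
    """Return the paths of script files inside the zip archive held in `data`."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip at all, so a bare .js file is never matched
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            if lower.endswith(SCRIPT_EXTS):
                hits.append(prefix + info.filename)
            elif (lower.endswith(".zip") and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER_BYTES):
                try:
                    inner = zf.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    continue  # encrypted, unsupported or corrupt member
                hits += find_scripts(inner, depth + 1, prefix + info.filename + "!")
    return hits


def should_block(data):
    """True only when both conditions hold: a zip, and a script file inside it."""
    return bool(find_scripts(data))


def _make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    nested = _make_zip({"docs.zip": _make_zip({"a/run.vbs": b"' constructed"})})
    print(find_scripts(nested), should_block(b"var x = 1;"))
```

Encrypted members are skipped rather than flagged, so password-protected archives need a separate policy decision.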