Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
A. enable DLP and select.exe and .bat file type
B. enable .exe & .bat protection in IPS Policy
C. create FW rule for particular protocol
D. tecli advanced attributes set prohibited_file_types exe.bat
D is correct
This is a syntax to block file types :
# tecli advanced attribute set prohibited_file_types ,
D is correct.
see Check Point Sandblast PoC guide v91
another syntax is mentioned in
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk123140