0

Is it possible to prevent the download and execution of files with a .exe extension using 365? I've searched across Endpoint Manager, Defender for Endpoint and Defender for Cloud Apps but can't see an obvious way of doing this.

Most of my searches suggest using AppLocker but this would only solve half the problem (blocking execution of the file).

Is there any way using Microsoft 365 technology to block the download and execution of files based on their extension?

alexthannah

1 Answer

0

You can try using Edge's relevant group policy or registry to achieve your needs. I think this should help you. Please refer to this policy document: Allow download restrictions.

The documentation shows that the danger level of exe type files is `ALLOW_ON_USER_GESTURE`, so you can change the group policy or registry value I mentioned above to 2, which will block potentially dangerous or unwanted downloads and dangerous file types.

The path of this registry value is `SOFTWARE\Policies\Microsoft\Edge\Recommended`. If it doesn't exist, you can create it as a REG_DWORD type and set its value. You can do the same via group policy.

Xudong Peng
  • Thanks for your response. Whilst changing this policy would block the download of exe's, it will also block the download of all file types with a danger_level of 'ALLOW_ON_USER_GESTURE'. I'm looking to find a solution that will let me define the file extensions that are blocked. E.g. blocking .exe ONLY. Is it possible to customise the 'download_file_types.asciipb' file? Or does every instance of Edge adopt this specific file by default? – alexthannah Jun 22 '22 at 09:49
  • Yes, you reminded me. If that's the case, I'm afraid I can't think of any other way. Maybe there are other community members who can help you. In addition, you can send feedback to the relevant team on this issue: just press `Shift + Alt + I` in Edge to edit your suggestions and send them. – Xudong Peng Jun 24 '22 at 07:29
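
The registry change described in the answer, as an added PowerShell example (not code from the answer or from Microsoft). It assumes the machine-wide HKLM hive and an elevated session; the function names are hypothetical, and the `DownloadRestrictions` value name and its 0 to 4 meanings come from Microsoft's Edge policy documentation rather than from this page.

```powershell
# Added example: audit and set the Edge "Allow download restrictions" policy.
# Assumption: HKLM (machine-wide) hive; run from an elevated PowerShell session.
$ValueName  = 'DownloadRestrictions'
$Meaning = @{
    0 = 'No special restrictions'
    1 = 'Block malicious downloads and dangerous file types'
    2 = 'Block potentially dangerous or unwanted downloads and dangerous file types'
    3 = 'Block all downloads'
    4 = 'Block malicious downloads'
}
$PolicyKeys = [ordered]@{
    # Mandatory policies are enforced; recommended ones are defaults a user can change.
    Mandatory   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    Recommended = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\Recommended'  # path from the answer
}

# Hypothetical helper: report what is configured at each policy level.
function Get-EdgeDownloadRestriction {
    foreach ($level in $PolicyKeys.Keys) {
        $key  = $PolicyKeys[$level]
        $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $value = $null; $text = 'Not configured'
        } else {
            $value = [int]$item.$ValueName
            $text  = if ($Meaning.ContainsKey($value)) { $Meaning[$value] } else { 'Unknown value' }
        }
        [pscustomobject]@{ Level = $level; Key = $key; Value = $value; Meaning = $text }
    }
}

# Hypothetical helper: create the key if missing and write the REG_DWORD.
function Set-EdgeDownloadRestriction {
    param(
        [ValidateSet('Mandatory', 'Recommended')][string]$Level = 'Recommended',
        [ValidateRange(0, 4)][int]$Value = 2
    )
    $key = $PolicyKeys[$Level]
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
}

# Value 2 covers every file type in the same danger class as .exe, not .exe alone.
Set-EdgeDownloadRestriction -Level Recommended -Value 2
Get-EdgeDownloadRestriction | Format-Table -AutoSize
```

After the change, `edge://policy` in Edge lists the value that the browser actually picked up.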