Hi, I have a small office network that I want to prevent from getting or spreading viruses and malware. So I need to block some file extension from being transfered or copied like .exe, .dll and .bat from and to all the PC in the local network. You know when a PC in a network got a virus it will try to copy .exe files to all shared drive and folder in the network. Is there a way to block them?
No, not in routerOS.
First, operations in the local network usually don’t pass the router.
Second, there is no way to block transfers by file extension in routerOS, you’d need an advanced L7 firewall (that could even prevent that content from coming into your network).
Best idea would be either blocking those extensions on your file server directly and, even more important, get a decent antivirus/antimalware protetcion for all clients and the file server itself.
-Chris
There is but not using Mikrotik (at least alone). From Mikrotik’s firewall capabilities, layer7 rules are closest to what you’d need but not enough - too many false positives on one hand, too short inspection window (first few packets of each TCP session if we talk about SMB) on the other hand.
Too bad then, I thought there’s a way to block it with MikroTik. Just so the viruses or malware won’t get in to my data server. Thanks for the reply anyway guys.
Proxy can be used to deny access to specific file types.
True, but only on http. Which is not the case on drive shares.
-Chris