To configure native file blocking, you create a policy and then configure it with a list of file extensions to block.
The CIFS protocol needs to be licensed and configured.
To create a screening policy named "mp3blocker", enter the following command: fpolicy create mp3blocker screen
PolicyName is the name of the policy that you want to add operations to.
protocols is the set of protocols that you want to enable monitoring for. Use cifs to monitor CIFS requests, nfs to monitor NFS requests, or cifs,nfs to monitor both.
-f forces the policy to be enabled even if there are no servers available to enforce the policy.
op-spec is the list of operations you want to add.
To replace the mp3blocker policy list of operations monitored for CIFS and NFS operations, enter the following command: fpolicy monitor set mp3blocker -p cifs,nfs create,rename
Specify the create option to prevent creation of mp3 files. In addition, to ensure that an mp3 file is not copied onto the storage system with a different extension and renamed, also specify the rename option.
To enable the FPolicy mp3blocker, enter the following command: fpolicy enable mp3blocker
After completing the steps, if a client tries to perform an operation that uses a blocked file, the operation fails and a STATUS_ACCESS_DENIED error code is sent.