Blocking of "any other" extensions in DLP

Hi,

As of now there are some 20-30 file types that can be monitored or blocked by Sophos DLP. 

Is it possible to exclude some file types and then block "any other" extensions? Meaning, for example, I want to allow only documents to be transferred, and DLP should block any other file type from being uploaded. Is this possible?

Basically this is to prevent any users from renaming extensions to bypass the DLP policy. They can simply rename .doc to .xyz and bypass the policy.



  • Hello Kandarp Desai1,

    I'm not using Central but while Central Admin is different from SEC's Console I assume from the respective documentation that they provide the same options w.r.t. DLP. Though Central Admin Help doesn't mention support for wildcards in file names I think it's there.

    exclude some file types and then block "any other"
    guess it's the other way round - you block everything except what's specified in the exclusions :)

    [allow types but] block extensions
    please note that extensions apply to file names whereas file types are independent of the name/extension, they refer to the actual content.

    At least with SEC the following works:

    1. add a file rule with a single asterisk for the name (indeed this seems to cover all names, SEC's console rejects *.* and a question mark seems to match exactly one letter)
    2. specify the desired destination(s)
    3. exclude the desired type(s)

    It's not too complicated to perform some tests with removable storage as destination.
    [Edit]Forgot to mention: If you rename, say, a .docx to .wav it is nevertheless permitted, v.v. a .exe renamed to .pdf is still blocked.[/Edit]

    As you say uploaded please note that in addition to the Limitations mentioned here certain folders with their subfolders (notably parts of the \User area) are exempted from scanning (while there have been changes in the details since then the basic message is still true).

    Christian

  • That was really helpful Christian.
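
The behaviour Christian describes (a name pattern of `*` plus excluded file types, so a renamed .docx is still permitted and a renamed .exe is still blocked) can be modelled as follows. This is an added example, not part of the thread and not Sophos code; the signature table, function names and sample bytes are assumptions constructed for illustration.

```python
import fnmatch

# Constructed signature table (label, offset, magic bytes); not Sophos's own type list.
SIGNATURES = [
    ("pdf", 0, b"%PDF-"),
    ("exe", 0, b"MZ"),
    ("ole2", 0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),  # legacy .doc/.xls/.ppt container
    ("zip", 0, b"PK\x03\x04"),
]

def true_type(data: bytes) -> str:
    """Classify a file by its leading bytes; the file name is never consulted."""
    # Simplification: an OOXML document (.docx/.xlsx) is a ZIP whose first
    # entry is normally named [Content_Types].xml (name starts at offset 30).
    if data[:4] == b"PK\x03\x04" and data[30:49] == b"[Content_Types].xml":
        return "ooxml"
    for label, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return "unknown"

def extension_rule(name: str, allowed=(".doc", ".docx", ".pdf")) -> str:
    """Name-based allow list: decided entirely by a string the user controls."""
    return "allow" if name.lower().endswith(allowed) else "block"

def content_rule(name: str, data: bytes, pattern: str = "*",
                 excluded_types=("ooxml", "ole2", "pdf")) -> str:
    """Model of the three steps: name pattern '*', then exclude true types."""
    if not fnmatch.fnmatchcase(name, pattern):
        return "allow"  # rule does not apply to this name
    return "allow" if true_type(data) in excluded_types else "block"

# Constructed sample contents (headers only, not real files).
DOCX = b"PK\x03\x04" + bytes(26) + b"[Content_Types].xml"
EXE = b"MZ\x90\x00" + bytes(60)

if __name__ == "__main__":
    samples = [("report.wav", DOCX), ("invoice.pdf", EXE), ("notes.xyz", b"hello")]
    for name, data in samples:
        print(f"{name:12} true type={true_type(data):8} "
              f"by name={extension_rule(name):6} by content={content_rule(name, data)}")
```

Content with no recognised signature falls through to "unknown" and is blocked in this model, which is the "any other" case from the question.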