File policy is unable to block exe files renamed to a .txt extension and shows inconsistent blocking behaviour.

Created On 10/02/25 00:32 AM - Last Modified 01/27/26 07:47 AM


Symptom


• Files configured to be blocked (7z, msi, cpl, chm, exe, and zip) are still being downloaded intermittently.
• An executable file (example.exe) renamed with a .txt extension (example.exe.txt) was allowed to be downloaded, bypassing the policy.
• Renaming any blocked file to .txt lets it bypass the file block policy.



Environment


  • Prisma Access
  • Strata NGFW
  • PAN-OS 11.2.3 and below.


Cause


  • The files are being transferred with Brotli encoding, which is supported only on PAN-OS 11.2.4 and above.
  • The tests were run by the end customer against a self-hosted server that supported and preferred Brotli and zstd encoding, which are not supported for file policy on versions 11.2.3 or below.


Resolution


  1. Verify your platform's minimum required PAN-OS version and upgrade it to support Brotli decompression.
  2. Additional command-line changes are needed to enable Brotli encoding support.
  3. zstd encoding is not yet supported on PAN-OS. A feature request for this support is already in place.

 

 



Additional Information


Use the browser's debugging tools to check, in the response header, what type of encoding is used while downloading the file.

Example for br encoding:

[Screenshot: brotli encoding]

And for zstd, which is currently not supported:

[Screenshot: zstd]
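The header check described above can also be scripted. The following is an added example, not part of the original article and not Palo Alto Networks code: it reads raw response headers and reports, using only the version facts stated in this article, whether each Content-Encoding can be decoded for file policy. The function names and sample headers are constructed for illustration.

```python
import re

BROTLI_MIN = (11, 2, 4)  # per this article: Brotli is supported from PAN-OS 11.2.4

# Constructed sample response headers (not captured from a real server).
SAMPLE_BR = ("HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
             "Content-Encoding: br\r\n")
SAMPLE_ZSTD = "HTTP/1.1 200 OK\r\ncontent-encoding: zstd\r\n"

def parse_version(text):
    """'11.2.3-h1' -> (11, 2, 3); any hotfix suffix is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3])

def content_codings(raw_headers):
    """Lowercase codings from every Content-Encoding line, in order."""
    codings = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; one line may list several codings.
        if sep and name.strip().lower() == "content-encoding":
            codings += [c.strip().lower() for c in value.split(",") if c.strip()]
    return codings

def assess(raw_headers, panos_version):
    """Map each coding to what this article states about file policy."""
    version = parse_version(panos_version)
    verdicts = {}
    for coding in content_codings(raw_headers):
        if coding == "br" and version >= BROTLI_MIN:
            verdicts[coding] = "decodable once Brotli support is enabled via CLI"
        elif coding == "br":
            verdicts[coding] = "not decoded: upgrade to 11.2.4 or later"
        elif coding == "zstd":
            verdicts[coding] = "not decoded: zstd is not supported"
        else:
            verdicts[coding] = "not covered by this article"
    return verdicts

if __name__ == "__main__":
    for sample in (SAMPLE_BR, SAMPLE_ZSTD):
        for ver in ("11.2.3", "11.2.4"):
            print(ver, assess(sample, ver))
```

Paste the raw response headers copied from the browser's network panel as `raw_headers` to check a real download.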


