I have a follow-on question to this item. Over the past couple of days I've done some testing using our lab SharePoint server, and from what I see, file types not in the list *are* permitted to be uploaded to the SharePoint server even when the policy is in blocking mode, Policy Builder is disabled, list entries are not in staging, and the wildcard entry is removed. If PB is enabled, then the new file type is learned, but if it's not enabled, the new file type does not appear in the list, but the upload to SharePoint is permitted.
What *does* seem to be blocked is files with parameters that exceed what's allowed, e.g., file names that are too long. In looking at the actual HTTP commands, it appears this is because when the file is upload to SharePoint, the actual URL that's sent is an ".aspx" name, which is one of the first things added to the allowed file types list.
I suppose my question is whether this is correct (which contradicts what's stated above) or have I missed something glaring that would explain this behavior? This wasn't at all what I expected to see, and I spent a lot of time painstakingly re-testing to make sure this was consistent behavior.
John