I didn't know this feature was there until yesterday. I've read the docs and they don't talk much about it. What is the file filter supposed to look like? is *.exe ok? what triggers this to be vaulted?

I have used Zen for Servers "forbidden file policy" in the past to deal with inappropriate file types on users Home Directories, but someone brought it to my attention that you can do the same thing, and possibly more with NSM. I'd like to understand how.