Defining Policy by Case
When defining a policy by case, you can perform the following actions:
|n||Block the file|
|n||Skip the file|
|n||Add one or more exceptions to the policy. For more information, see Defining Exceptions.|
If you choose to block the case, you can:
|n||Set additional options if they are provided (as in the image above)|
|n||Edit the default block reason text|
After you save the settings for the case, the display updates to show the action symbol in the Default Action column and the number of exceptions in the Exceptions column.
The following table describes the sanitization options that are available for each case:
Specifies which antivirus engines scan the files for malware.
If none of the options is checked, antivirus scanning is skipped.
Specifies how to handle any file whose extension does not match the file type.
By default, the check for fake files is skipped, but the files themselves undergo full sanitization -- fake files thus pose no threat at all.
Specifies how to handle data files or unidentified file types.
You can block or skip these.
If you select Skip, the unknown file is not sanitized and the original version will reach the destination folder.
Select the Send all unrecognized files to Fortinet sandbox to send unknown files to Fortinet's sandbox.
Processing by the sandbox might affect performance.
Specifies how to handle password-protected files.
You can block or sanitize these files. By default, the files are sanitized.
When the files are blocked, Disarmer issues a block-file containing the reason it was blocked. The notification contains a link that opens a web page where the password can be entered. When the correct password is entered, the blocked file returns to the Disarmer server, and is sanitized. The sanitized file is then downloaded to the user's computer, or sent by email as an attachment.
The password protection case in the Management Dashboard provides:
This feature supports the following file types only: PDF, ZIP, 7zip, RAR, DOC, DOCX, DOT, DOTX, DOCM, DOTM, XLS, XLT, XLSX, XLTX, XLSM, PPT, PPS, POT, PPTX, PPSX, POTX and PPTM. It does not work on other file types that can be protected by a password, such as Visio files.
Instructions for Email User
The Disarmer administrator should communicate the following information and instructions to the users.
An email message with password protected files attached can be sanitized and returned as an email attachment, or as a download.
The user receives a message on screen that a password protected file has been received. The user inputs the password and clicks Get File.
The password protected file is sanitized and attached to the email. This is distributed to all named recipients. If Disarmer has already sanitized and returned password protected files, additional users requesting files to be sanitized will be advised that sanitzation has already taken place.
This feature supports the use of one password per email.
Specifies how to handle large files.
You can set the minimum size of files you want to block.
When this option is checked, for every file that Disarmer blocks, it issues a block-file containing the reason it was blocked. Accept the default text or edit it.
Specifies how to handle nested files.
You can set a layer number. Files that are found in that layer or deeper are blocked.
|Special Case||Specifies a custom policy.||You can load a special case policy, created externally. For more information, see Defining Policy Based on Special Cases.|