Defining Policies by File Type

Policies have default settings that you can customize to meet your organization's requirements.

To define a policy by file type, from the navigation pane on the left, click Settings > Policies.

For more information about the policies page, see Policies Dashboard.

When defining a policy by file type, you can perform the following actions:

Block the file under all conditions. If selected:

You can edit the default block notification message text, Block Reason.

Additional options may be available for you to set.

The Default Action displays a red dot.

Sanitize the file. If selected:

You can modify the default behavior by customizing the option settings available.

If available, you can edit the default block notification message text, Block Reason.

The Default Action displays a green dot.

Allow the file. The Default Action displays a grey dot.

Add one or more exceptions to the policy. The Exceptions displays the number of exceptions applied to the policy. For more information, see Adding Policy Exceptions.

The following table describes the processing options that are available for each file type:

File Type

Processing Options

PDF

By default, these files are processed for positive selection.

Remove multimedia: Specifies whether multimedia such as embedded video, audio, 3D annotations, and rich media annotations must be removed. Default is checked.

Clean embedded fonts: Specifies whether embedded fonts must be processed. Default is checked.

Block files with suspicious links: Performs a check of all links in the form HTTP:// and HTTPS:// in a PDF document. If any link is found to be suspicious, the file is blocked. The suspicious link is not removed from the file.

When this option is checked, for every file that the Positive Selection® Engine blocks, it issues a block-file containing the reason it was blocked. Accept the default block reason, or edit it. When selected you can edit the Block Reason message. Default is unchecked.

JavaScript handling: Determines how JavaScript, if found in the PDF file, is handled.

Don't do anything

Remove only suspicious scripts

Remove all scripts (this is the default)

Image

By default, these files are processed for positive selection.

Add micro-changes: Adds security noise to images during processing. Default is checked.

Note

Increasing the noise level might enlarge the processed files, particularly in the case of png files. Unselecting noise level (off) usually preserves an image file size.

Remove metadata: Removes EXIF metadata from JPEG and TIFF images. Default is unchecked.

Max compression for lossless formats: Compresses lossless image formats (PNG, BMP, and RAW) by 100%. Default is checked.

Compression level: The processed image is compressed to preserve a reasonable image file size. You select one of four compression levels (from low to high) that trade off file size with image quality. The lower the compression level, the larger the file, and the higher the image quality. The higher the compression level, the smaller the file, and the lower the image quality. Default is 25% compression.

Binary

The processing option is not relevant to managing binary files. You either block binary files or allow them.

Archive

By default, these files are processed for positive selection.

Block zip bomb: Detects and blocks zip files with abnormal compression ratio. These might pose a denial of service threat, consuming system resources such as CPU or disk. Any zip files with compression ratio higher than 99.8% will be considered a zip bomb and be blocked. When selected you can edit the Block Reason message. Default is checked.

RTF

By default, these files are processed. There are no specific processing options.

By default, these files are processed for positive selection.

Block files with suspicious links: Performs a check of all links in the form HTTP:// and HTTPS:// in the body and attachments of an email. If any link is found to be suspicious, it is removed from the file. When selected you can edit the Block Reason message. Default is unchecked.

Microsoft Office

Note

nPositive selection processing applies to Microsoft Office files and their embedded objects.

nEach attached file is processed recursively by running all policy rules on it.

By default, these files are processed for positive selection.

Block files with suspicious links: Performs a check of all links in the form HTTP:// and HTTPS:// in Microsoft Word files. If any link is found to be suspicious, it is removed from the file. When selected you can edit the Block Reason message. Default is unchecked.

Note

This option is available for DOC/DOCX/XLSX file types only.

Macro handling.

In the list, choose one of the following:

Don't do anything

Remove only suspicious macros: Remove all macros only if any suspicious code is found.

Remove all macros: Remove all macros from the document.
This is the default option.

Block documents containing suspicious macros: Block the entire document if suspicious code is found in the macro.

Note

Excel files with 4.0 macro (also known as sheet macro) are automatically blocked. It is common practice to use VBA macros. Excel files with VBA macros are checked for suspicious code (see options above).

Remove metadata: Removes metadata, such as Author, Company, LastSavedBy, and so on. Default is unchecked.

Remove printer settings: Removes the printerSettings1.bin (printer settings) embedded in a .xlsx file. Default is checked.

Text

By default, these files are processed for positive selection.

Block CSV with threat formula: Blocks CSV files that contain formula injections.When selected you can edit the Block Reason message. Default is checked.

Media

The user can set Media file policy exceptions.

Open Document

The user can set Open Document file policy exceptions. By default, these files are sanitized. During the sanitization, the macros will not be preserved.

Other files

By default, these files are blocked. You can edit the Block Reason message.

There are no specific sanitization processing options.

HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download
HTML 4 zen.4.log-843002475.zip
6 KB Download

Articles in this section

Defining Policies by File Type

Defining Policies by File Type

Comments

Articles in this section

Defining Policies by File Type

Related articles