Articles in this section

Defining Policies by File Type

Ori Bargadda
  • Updated
Follow

Defining Policies by File Type

Policies have default settings that you can customize to meet your organization's requirements.

To define a policy by file type, from the navigation pane on the left, click Settings > Policies.

For more information about the policies page, see Policies Dashboard.

When defining a policy by file type, you can perform the following actions:

n Block the file under all conditions. If selected:
t You can edit the default block notification message text, Block Reason.
t Additional options may be available for you to set.
t The Default Action displays a red dot.
n Sanitize the file. If selected:
t You can modify the default behavior by customizing the option settings available.
t If available, you can edit the default block notification message text, Block Reason.
t The Default Action displays a green dot.
n Allow the file. The Default Action displays a grey dot.
n Add one or more exceptions to the policy. The Exceptions displays the number of exceptions applied to the policy. For more information, see Adding Policy Exceptions.

The following table describes the processing options that are available for each file type:

File Type

Processing Options
PDF

By default, these files are processed for positive selection.

n Remove multimedia: Specifies whether multimedia such as embedded video, audio, 3D annotations, and rich media annotations must be removed. Default is checked.
n Remove metadata: Specifies whether metadata must be removed. Metadata includes information about the document, such as author, keywords, copyright information, etc. Default is unchecked.
n Clean embedded fonts: Specifies whether embedded fonts must be processed. Default is checked.
n Block files with suspicious links: Performs a check of all links in the form HTTP:// and HTTPS:// in a PDF document. If any link is found to be suspicious, the file is blocked. The suspicious link is not removed from the file.

When this option is checked, for every file that the Positive Selection® Engine blocks, it issues a block-file containing the reason it was blocked. Accept the default block reason, or edit it. When selected you can edit the Block Reason message. Default is unchecked.

n JavaScript handling: Determines how JavaScript, if found in the PDF file, is handled.
t Don't do anything
t Remove only suspicious scripts
t Remove all scripts (this is the default)

Image

By default, these files are processed for positive selection.

n Add micro-changes: Adds security noise to images during processing. Default is checked.

Note 

Increasing the noise level might enlarge the processed files, particularly in the case of png files. Unselecting noise level (off) usually preserves an image file size.

n Remove metadata: Removes EXIF metadata from JPEG, JPG and TIFF images. Default is unchecked.
n Remove external image: Removes references to external image files in SVG image files. Default is unchecked.
n Max compression for lossless formats: Compresses lossless image formats (PNG, BMP, and RAW) by 100%. Default is checked.
n Compression level: The processed image is compressed to preserve a reasonable image file size. You select one of four compression levels (from low to high) that trade off file size with image quality. The lower the compression level, the larger the file, and the higher the image quality. The higher the compression level, the smaller the file, and the lower the image quality. Default is 25% compression.

Binary

The processing option is not relevant to managing binary files. You either block binary files or allow them.

Archive

By default, these files are processed for positive selection.

Block zip bomb: Detects and blocks zip files with abnormal compression ratio. These might pose a denial of service threat, consuming system resources such as CPU or disk. Any zip files with compression ratio higher than 99.8% will be considered a zip bomb and be blocked. When selected you can edit the Block Reason message. Default is checked.

CAD Remove VBA Macros: Removes VBA macros from the file. Default is unchecked.

RTF

By default, these files are processed. There are no specific processing options.

Email

By default, these files are processed for positive selection.

n Remove suspicious links in Email body: The system will scan each URL in the email body, and if a suspicious link was found, the link will be removed and will be replaced with the following text: “This link was removed because it is a malicious URL”.

Microsoft Office

Note

nPositive selection processing applies to Microsoft Office files and their embedded objects.

nEach attached file is processed recursively by running all policy rules on it.

By default, these files are processed for positive selection.

n Block files with suspicious links: Performs a check of all links in the form HTTP:// and HTTPS:// in Microsoft Word files. If any link is found to be suspicious, it is removed from the file. When selected you can edit the Block Reason message. Default is unchecked.

Note 

This option is available for DOC/DOCX/XLSX file types only.

n Macro handling.

In the list, choose one of the following:

t Don't do anything
t Remove only suspicious macros: Remove all macros only if any suspicious code is found.
t Remove all macros: Remove all macros from the document.
This is the default option.
t Block documents containing suspicious macros: Block the entire document if suspicious code is found in the macro.

Note

Excel files with 4.0 macro (also known as sheet macro) are automatically blocked. It is common practice to use VBA macros. Excel files with VBA macros are checked for suspicious code (see options above).

n Remove metadata: Removes metadata, such as Author, Company, LastSavedBy, and so on. Default is unchecked.
n Remove printer settings: Removes the printerSettings1.bin (printer settings) embedded in a .xlsx file. Default is checked.
n Remove external links: Removes links that can point to locations external to the office files. If unchecked (default), suspicious elements are not detected.
n Block files with Dynamic Data Exchange (DDE): Blocks all files with DDE. Default is unchecked.

Text

Note 

XML and JSON files are processed according to the Text files policy.

By default, these files are processed for positive selection. If any suspicious activity is detected, the file is blocked. If no suspicious activity is detected, the text file is preserved (the file hash will remain the same).

Block CSV with threat formula: Blocks CSV files that contain formula injections.When selected you can edit the Block Reason message. Default is checked.
Media

The user can set Media file policy exceptions.

n Remove metadata: Removes metadata from media files. Default is unchecked.
Open Document The user can set Open Document file policy exceptions. By default, these files are sanitized. During the sanitization, the macros will not be preserved.

Other files

By default, these files are blocked. You can edit the Block Reason message.

There are no specific sanitization processing options.

Related articles

Comments

0 comments

Please sign in to leave a comment.