Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 8 subscribers
  • Views 1849 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking of "any other" extentions in DLP

Kandarp Desai1

Hi,

As of now there are some 20-30 file types that can be monitored or blocked by Sophos DLP. 

Is it possible to exclude some file types and then block "any other" extentions. Meaning for example I want to allow only documents to be able to transfer and DLP should block any other file type from being uploaded. Is this possible ?

Basically this is to prevent any users from renaming extensions to bypass the DLP policy. They can simply rename .doc to .xyz and bypass the policy.



This thread was automatically locked due to age.
Parents
  • +1

    Hello Kandarp Desai1,

    I'm not using Central but while Central Admin is different from SEC's Console I assume from the respective documentation that they provide the same options w.r.t. DLP. Though Central Admin Help doesn't mention support for wildcards in file names I think it's there.

    exclude some file types and then block "any other"
    guess it's the other way round - you block everything except what's specified in the exclusions [:)]

    [allow types but] block extensions
    please note that extensions apply to file names whereas file types are independent of the name/extension, they refer to the actual content.

    At least with SEC the following works:

    1. add a file rule with a single asterisk for the name (indeed this seems to cover all names, SEC's console rejects *.* and a question mark seems to match exactly one letter)
    2. specify the desired destination(s)
    3. exclude the desired type(s)

    It's not too complicated to perform some tests with removable storage as destination.
    [Edit]Forgot to mention: If you rename, say, a .docx to .wav it is nevertheless permitted, v.v. a .exe renamed to .pdf is still blocked.[/Edit]

    As you say uploaded please note that in addition to the Limitations mentioned here certain folders with their subfolders (notably parts of the \User area) are exempted from scanning (while there have been changes in the details since then the basic message is still true).

    Christian

Reply
  • +1

    Hello Kandarp Desai1,

    I'm not using Central but while Central Admin is different from SEC's Console I assume from the respective documentation that they provide the same options w.r.t. DLP. Though Central Admin Help doesn't mention support for wildcards in file names I think it's there.

    exclude some file types and then block "any other"
    guess it's the other way round - you block everything except what's specified in the exclusions [:)]

    [allow types but] block extensions
    please note that extensions apply to file names whereas file types are independent of the name/extension, they refer to the actual content.

    At least with SEC the following works:

    1. add a file rule with a single asterisk for the name (indeed this seems to cover all names, SEC's console rejects *.* and a question mark seems to match exactly one letter)
    2. specify the desired destination(s)
    3. exclude the desired type(s)

    It's not too complicated to perform some tests with removable storage as destination.
    [Edit]Forgot to mention: If you rename, say, a .docx to .wav it is nevertheless permitted, v.v. a .exe renamed to .pdf is still blocked.[/Edit]

    As you say uploaded please note that in addition to the Limitations mentioned here certain folders with their subfolders (notably parts of the \User area) are exempted from scanning (while there have been changes in the details since then the basic message is still true).

    Christian

Children
Unfiltered HTML