Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Refine Web Security Policies > Managing traffic based on file type > Enforcement based on file analysis
Enforcement based on file analysis
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
*
Enabling file type blocking in a category filter
*
Security threats: File analysis
If user traffic passes through Websense Content Gateway or the hybrid service, requested files are analyzed to define their type when all of the following are true:
1.
A user requests a URL in a permitted category.
2.
File type blocking is enabled for the category in the active category filter.
3.
There is no file extension match in a blocked file type (see Enforcement based on file extension).
In this case, the file type returned for policy enforcement describes the purpose or behavior of similar files, independent of extension. So attempts to disguise an executable by giving it a ".txt" or other innocuous file extension are prevented by file type analysis.
File type definitions are maintained in the analytics databases, and may be changed as part of the Content Gateway database or hybrid service update process.
The file types identified by file analysis are:
File Type
Description
Compressed files
Files that have been packaged to take up less space, like ZIP, RAR, or JAR archives.
Documents
Binary document formats, like DOCX or PDF.
Executables
Programs that can be run on your machine, like EXE or BAT files.
Images
Picture formats, like JPG, BMP, and GIF.
Multimedia
Audiovisual formats, like MP3, WMV, and MOV.
Rich Internet Applications
Web applications that run in a browser, like Flash.
Text
Unformatted textual material, like HTML and TXT files.
Threats
Malicious applications that could harm your machine or network, like spyware, worms, or viruses.
When a user requests a site, Websense Web Security Gateway solutions first determine the site category, and then check for filtered file types (first by extension, then by analysis).
 
* 
Note 
When multiple group policies could apply to a user request, file type blocking is not performed.
Starting in v7.8.3, if compressed files are permitted, when a compressed file is selected for download, its contents are analyzed. Policy enforcement is then based on the file type assigned to the content of the compressed archive. For example, if compressed files are permitted, but executable files are blocked, when a user attempts to download a compressed file, the contained files are analyzed. If the compressed file contains an executable file, the download is blocked based on the executable file type. Or if the compressed file contains a file that is determined to be malicious, the download is blocked.
 
* 
Note 
The .xz file format is not supported for compressed file analysis.
When a user tries to access a blocked file type, the Reason field on the Websense block page indicates that the file type was blocked (see Block Pages).
The standard block page is not displayed if a blocked image comprises just a portion of a permitted page. Instead, the image region appears blank. This avoids the possibility of displaying a small portion of a block page in multiple locations on an otherwise permitted page.
To view existing file extensions in a file type, edit file types, or create custom file types for enforcement by extension, go to Policy Management > Filter Components, and then click File Types. See Working with file type definitions for more information.
To enable file type blocking, see Enabling file type blocking in a category filter.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Refine Web Security Policies > Managing traffic based on file type > Enforcement based on file analysis
Copyright 2016 Forcepoint LLC. All rights reserved.