Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint DLP Predefined Policies and Classifiers > Data Loss Prevention policies > Data Theft Risk Indicators > Indicators of Compromise
Indicators of Compromise
Predefined Policies and Classifiers | Forcepoint DLP | v8.4.x
*
.REG Files
Policy for detecting .REG files (Windows Registry files). The rule for this policy is:
*
.REG File
*
Database Dumps/Backup Files
Policy for detecting records of SQL table data extracted from a database. The rules for this policy are:
*
Database Dumps/Backup Files: MySQL-Format Database Dump (Wide)
*
Database Dumps/Backup Files: MySQL-Format Database Dump (Default)
*
Database Dumps/Backup Files: Microsoft Tape Format
*
Encrypted Files
Policy for detection of desktop encrypted files. Should be complemented with the unknown file type policy for unknown encryption formats. The rules for this policy are:
*
Encrypted File: Word Binary File (Legacy)
*
Encrypted File: Excel Binary File (Legacy)
*
Encrypted File: Access Database File (Legacy)
*
Encrypted File: Microsoft Office Encrypted Files (OOXML)
*
Encrypted File: PowerPoint Binary File (Legacy)
*
Encrypted File: PDF - encrypted
*
Encrypted File: ZIP archive - encrypted
*
Encrypted File: RAR archive - encrypted
*
Encrypted File: PGP signed and encrypted data format
*
Encrypted File: PGP encrypted data format
*
Encrypted File: Encrypted data of unknown format
*
Password Files
Searches for outbound password files, such as SAM database and UNIX/Linux password files. The rules for this policy are:
*
Password Files: General files
*
Password Files: .htpasswd Files (Default)
*
Password Files: .htpasswd Files (Narrow)
*
Password Files: .htpasswd Files (Wide)
*
Password Files: Password Files
*
Password Files: Password Files (Wide)
*
Password Files: SAM Files (Default)
*
Password Files: SAM Files (Narrow)
*
Password Files: SAM Files (Wide)
*
Password Files: Shadow Files
*
Password Files: Shadow Files (Wide)
*
PKCS #12 Files
Policy for detecting PKCS #12 files (.p12, .pfx) that are commonly used to bundle a private key with its X.509 certificate. The rule for this policy is:
*
PKCS #12 Files
*
Suspected Malware Communication
Identifies traffic that is thought to be malware "phoning home" or attempting to steal information. Detection is based on the analysis of traffic patterns from known infected machines. Applies only when Forcepoint Web Security is installed. Rules in this policy include:
*
Suspected Malware Communication (Wide)
*
Suspected Malware Communication (Default)
*
Suspected Malicious Dissemination
Policy for the detection of a suspected malicious content dissemination such as: encrypted or manipulated information, passwords files, credit card tracks, suspected applications and dubious content such as information about the network, software license keys, and database files. The rules for this policy are:
*
Counter Malicious: Encrypted Files (Known Format)
*
Counter Malicious: Generic Encryption Detection (Wide)
*
Counter Malicious: Generic Encryption Detection (Default)
*
Counter Malicious: IT Asset Information
*
Counter Malicious: Malicious Concealment
*
Counter Malicious: Password Files
*
Counter Malicious: Password Information
*
Counter Malicious: Suspected Applications (Steganography and Encryption)

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint DLP Predefined Policies and Classifiers > Data Loss Prevention policies > Data Theft Risk Indicators > Indicators of Compromise
Copyright 2017 Forcepoint. All rights reserved.