Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Enforcement based on file analysis
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
If user traffic passes through Websense Content Gateway or the hybrid service, requested files are analyzed to define their type when all of the following are true:
1.
2.
3.
In this case, the file type returned for policy enforcement describes the purpose or behavior of similar files, independent of extension. So attempts to disguise an executable by giving it a ".txt" or other innocuous file extension are prevented by file type analysis.
File type definitions are maintained in the analytics databases, and may be changed as part of the Content Gateway database or hybrid service update process.
The file types identified by file analysis are:
When a user requests a site, Websense Web Security Gateway solutions first determine the site category, and then check for filtered file types (first by extension, then by analysis).
 
Note 
Starting in v7.8.3, if compressed files are permitted, when a compressed file is selected for download, its contents are analyzed. Policy enforcement is then based on the file type assigned to the content of the compressed archive. For example, if compressed files are permitted, but executable files are blocked, when a user attempts to download a compressed file, the contained files are analyzed. If the compressed file contains an executable file, the download is blocked based on the executable file type. Or if the compressed file contains a file that is determined to be malicious, the download is blocked.
 
Note 
When a user tries to access a blocked file type, the Reason field on the Websense block page indicates that the file type was blocked (see Block Pages).
The standard block page is not displayed if a blocked image comprises just a portion of a permitted page. Instead, the image region appears blank. This avoids the possibility of displaying a small portion of a block page in multiple locations on an otherwise permitted page.
To view existing file extensions in a file type, edit file types, or create custom file types for enforcement by extension, go to Policy Management > Filter Components, and then click File Types. See Working with file type definitions for more information.
To enable file type blocking, see Enabling file type blocking in a category filter.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2016 Forcepoint LLC. All rights reserved.