Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Refine Your Policies > Managing traffic based on file type > Enforcement based on file analysis
Enforcement based on file analysis
Administrator Help | Forcepoint Web Security | v8.5.x
Related topics:
If user traffic passes through Content Gateway or the hybrid service, requested files are analyzed to define their type when all of the following are true:
1.
2.
3.
In this case, the file type returned for policy enforcement describes the purpose or behavior of similar files, independent of extension. So attempts to disguise an executable by giving it a ".txt" or other innocuous file extension are prevented by file type analysis.
File type definitions are maintained in the analytics databases, and may be changed as part of the Content Gateway database or hybrid service update process.
The file types identified by file analysis are:
When a user requests a website, on-premises or hybrid components first determine the site category, and then check for blocked file types (first by extension, then by analysis).
 
Note 
If compressed files are permitted, when a compressed file is selected for download, its contents are analyzed. Policy enforcement is then based on the file type assigned to the content of the compressed archive. For example, if compressed files are permitted, but executable files are blocked, when a user attempts to download a compressed file, the contained files are analyzed. If the compressed file contains an executable file, the download is blocked based on the executable file type. Or if the compressed file contains a file that is determined to be malicious, the download is blocked.
 
Note 
When a user tries to access a blocked file type, the Reason field on the block page indicates that the file type was blocked (see Block Page Management).
The standard block page is not displayed if a blocked image comprises just a portion of a permitted page. Instead, the image region appears blank. This avoids the possibility of displaying a small portion of a block page in multiple locations on an otherwise permitted page.
To view existing file extensions in a file type, edit file types, or create custom file types for enforcement by extension, go to Policy Management > Filter Components, and then click File Types. See Working with file type definitions for more information.
To enable file type blocking, see Enabling file type blocking in a category filter.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Refine Your Policies > Managing traffic based on file type > Enforcement based on file analysis
Copyright 2018 Forcepoint. All rights reserved.