Solved

Block Zip File Contains Executable

  • 5 March 2024
  • 5 replies
  • 117 views

Hi

How to block download/upload binary files in zip?

How many layer of zip the engine will unzip for scanning?

thank

icon

Best answer by ejang 7 March 2024, 04:18

View original

5 replies

Userlevel 2
Badge +1

What feature are you referring to? DLP or TP?

Hi Ejang

 

TP and SWG.  For SWG, I will want to block any binary files in compression format such as zip, arj, etc.

thank

Userlevel 2
Badge +1

First, you need to create a file profile that includes all binary files. Then, create a DLP profile with the file profile. Finally, create a RTP policy with the DLP profile. Please see the sample below.

 

Hi Ejang

I am using true filetype for blocking.  Binary in zip didnt hit this RTP.  Is this rule correct?

 

Userlevel 2
Badge +1

You need to use DLP profile, not activity constraint.

  1. create a file profile including binary file types
    https://docs.netskope.com/en/netskope-help/data-security/real-time-protection/profiles/adding-a-file-profile/
  2. create a dlp profile and select the file profile
    https://docs.netskope.com/en/netskope-help/data-security/data-loss-prevention/dlp-profiles/create-a-custom-dlp-profile/
  3. Use the dlp profile in RTP policy.

Reply