
Netskope Global Technical Success (GTS)

KB - How to block Zip files via Netskope Realtime Protection Policy

 

Netskope Cloud Version - 119

 

Objective

How to block Zip files via Netskope

 

Prerequisite

Netskope SWG license is required

 

Context

Zip files can be harmful: they can conceal malware, carry zip bombs that crash systems, facilitate phishing attacks, enable data theft, and bypass security measures. Their ability to compress and hide content makes them a favorite tool for cybercriminals, despite their legitimate uses in file compression and organization.

 

Do You Know?

Threat Protection scans -

  • up to 10 layers for popular archives such as zip, rar, tar and 7zip.
  • up to 8 layers are scanned for Tar-gz.
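
When triaging an archive behind an alert or an exception request, it helps to know how deeply it is nested relative to the 10-layer zip limit above. The following is an added example, not Netskope code: it assumes each zip container counts as one layer, handles zip only, and uses hypothetical function names and a constructed sample.

```python
import io
import zipfile

SCAN_LAYER_LIMIT = 10  # zip layer limit quoted in the article


def zip_nesting_depth(data: bytes, limit: int = SCAN_LAYER_LIMIT,
                      max_member_bytes: int = 50 * 1024 * 1024) -> int:
    """Count zip layers in `data`: 0 = not a zip, 1 = zip with no inner zip.

    The result is capped at limit + 1, which means "deeper than the limit".
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return 0
    if limit == 0:
        return 1  # one layer past the limit: stop descending
    deepest = 1
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Skip directories and members whose declared size is over the
            # cap, so an oversized (zip-bomb style) member is never inflated.
            if info.is_dir() or info.file_size > max_member_bytes:
                continue
            try:
                inner = zf.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue  # encrypted, unsupported or corrupt member
            deepest = max(deepest, 1 + zip_nesting_depth(
                inner, limit - 1, max_member_bytes))
    return deepest


def exceeds_scan_depth(data: bytes, limit: int = SCAN_LAYER_LIMIT) -> bool:
    """True when the archive nests deeper than `limit` zip layers."""
    return zip_nesting_depth(data, limit) > limit


def build_nested_zip(layers: int) -> bytes:
    """Constructed sample: a small text file wrapped in `layers` zip layers."""
    payload, name = b"constructed sample content", "note.txt"
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, payload)
        payload, name = buf.getvalue(), f"layer{i}.zip"
    return payload


if __name__ == "__main__":
    sample = build_nested_zip(3)
    print(zip_nesting_depth(sample), exceeds_scan_depth(sample))
```

Members that are skipped (encrypted, oversized or corrupt) are not counted, so a result at or below the limit on such an archive still warrants manual review.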

 

Configuration

Step 1: Create a Real-time protection policy

Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy >>> Web Access/Cloud App Access [Depending on Requirement]

 


 

  • Select User/User Group as required.
  • Under Destination, choose the required category. In this example, we are selecting Cloud Storage for Google Drive, with Activity as Upload.
  • Click on Add Criteria and Constraints >>> Activity Constraints >>> File Type

 


 

  • Click on Select File Type and select the expansion icon next to Archive and Compressed



 

  • Search for Zip and click on Select All, and then Save. [This can be modified based on required file types]

 


 

  • Set Action to Block, and Save the policy

 



 

Verification

When the end user tries to upload a zip file to Google Drive, they get a pop-up from the Netskope client stating that the activity is blocked.


 

This activity is logged in Netskope Tenant UI >>> Skope IT >>> Alerts


 

Recommendations

  • Consider setting the policy to “Alert” before “Block” to monitor the impact.
  • Exceptions can be made based on User/Project Justification.

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.