Access by file type

Before you begin

  • Your enterprise needs an Advanced Threat license.

  • Make sure ETP Proxy and inline payload analysis are enabled.

​Enterprise Threat Protector​ allows you to block or monitor specific file types based on MIME type. To detect the MIME-types, ETP inspects the actual HTTP payloads and file extensions. It does not evaluate Content-Type headers which do not always match the actual file types.

To block or monitor the download and upload of specific file types:

📘

​Enterprise Threat Protector​ does not inspect individual files within archive files, such as ZIP, TAR, and RAR files. To block files within archives, set file blocking on one or more archive file MIME types, such as application/zip, application/x-tar, application/x-rar, as described.

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Click the name of the policy that you want to edit.

  3. Click the Access Control tab.

  4. Click the File Types tab.

  5. To define file types for download:

    1. Click the link icon in the File Types for Download Traffic row.

    2. In the dialog that displays, select or enter the two-part identifier for each MIME type that you want to block or monitor.

    📘

    Unknown or arbitrary binary data is classified as the application/octet-stream MIME type by default. Add this file type if you want to block this traffic.

    1. Click Associate.

    2. Expand the File Types for Download Traffic row to view the file types you specified. By default, the policy action is set to Block. To monitor the file type instead, click the action and change the value to Monitor. If you want to apply the same action to all file types, select the action in the Action column heading.

    3. If the policy is configured with an IdP and you want to exempt users or groups from the specified action, click the link in the Exceptions column and specify one or more users or groups.

  6. To define files types for upload:

    1. Click the link icon in the File Types for Upload traffic row.

    2. In the dialog that displays, select or enter the two-part identifier for each MIME type that you want to block or monitor.

      Unknown or arbitrary binary data is classified as the application/octet-stream MIME type by default. Add this file type if you want to block this traffic.

    3. Click Associate.

    4. Expand the File Types for Upload traffic row to view the file types you specified. By default, the policy action is set to Block. To monitor the file type instead, click the action and change the value to Monitor. If you want to apply the same action to all file types, select the action in the Action column heading.

    5. If the policy is configured with an IdP and you want to exempt users or groups from the specified action, click the link in the Exceptions column and specify one or more users or groups.

  7. To apply a more aggressive scanning engine to monitored traffic, enable Aggressive. This option is not recommended for blocked file types.

  8. To block uploads that take longer than 15 minutes to scan, in the Settings tab, enable Block Uploads After Timeout.

  9. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps
If you haven’t deployed the policy, make sure you deploy it to the ETP network. For instructions, see Deploy configuration changes.

Block uploads after timeout

If you’re using data loss prevention or file type blocking, you can select to block uploads that take longer than 15 seconds to scan.

To block uploads after timeout:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Click the name of the policy that you want to edit.

  3. Click the Settings tab.

  4. In the Payload Analysis section, enable Block Uploads After Timeout.

  5. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next Steps

If you haven’t deployed the policy, make sure you deploy it to the ETP network. For instructions, see Deploy configuration changes.


Did this page help you?