File Rules

A file policy, like its parent access control policy, contains rules that determine how the system handles files that match the conditions of each rule. You can configure separate file rules to take different actions for different file types, application protocols, or directions of transfer.

For example, when a file matches a rule, the rule can:

  • allow or block files based on simple file type matching

  • block files based on disposition (whether or not evaluation indicates that a file is malicious)

  • store files to the device (for information, see Captured Files and File Storage)

  • submit stored (captured) files for local malware, Spero, or dynamic analysis

In addition, the file policy can:

  • automatically treat a file as if it is clean or malware based on entries in the clean list or custom detection list

  • treat a file as if it is malware if the file’s threat score exceeds a configurable threshold

  • inspect the contents of archive files (such as .zip or .rar)

  • block archive files whose contents are encrypted, nested beyond a specified maximum archive depth, or otherwise uninspectable
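
The archive checks in the last item can be pictured with the following sketch. It is an added example, not the system's implementation: the function names, verdict strings, depth-counting convention (outermost archive is depth 1) and both limits are assumptions, and it handles only zip archives.

```python
import io
import zipfile
import zlib

MAX_ARCHIVE_DEPTH = 2          # assumed value; the real setting is configurable
MAX_MEMBER_BYTES = 10 * 2**20  # assumed cap on the declared size of one member


def inspect_archive(data, depth=1):
    """Return a verdict string for bytes already identified as a zip archive."""
    if depth > MAX_ARCHIVE_DEPTH:
        return "block: nested beyond maximum archive depth"
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "block: uninspectable"
    with zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # bit 0 of the zip flags marks encryption
                return "block: encrypted contents"
            if info.file_size > MAX_MEMBER_BYTES:
                return "block: uninspectable"
            try:
                payload = zf.read(info)
            except (zipfile.BadZipFile, zlib.error, NotImplementedError):
                return "block: uninspectable"
            if zipfile.is_zipfile(io.BytesIO(payload)):
                verdict = inspect_archive(payload, depth + 1)
                if verdict != "inspect-ok":
                    return verdict
    return "inspect-ok"


def make_zip(members):
    """Build a constructed in-memory zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def mark_encrypted(raw):
    """Set the encryption flag in the last central-directory entry (sample only)."""
    patched = bytearray(raw)
    patched[patched.rfind(b"PK\x01\x02") + 8] |= 0x01
    return bytes(patched)


if __name__ == "__main__":
    one = make_zip({"a.txt": b"constructed sample"})
    print(inspect_archive(make_zip({"mid.zip": make_zip({"in.zip": one})})))
```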