Overview
Enabling "File Inspection" in some cases will block non-malicious files. These types of files include:
- Password-protected files
- Potentially Unwanted Application (Corrupt) files
These files are blocked by Umbrella because they cannot be decompressed and scanned by our anti-virus tool. Password-protected files might appear blocked under the "Protected File" category. Corrupted files could include files that have encrypted content, have archived contents that cannot be extracted, have invalid compressed data or an invalid archive header, or is simply compressed or archived in an unsupported format. While these files may not be malicious, Umbrella will block them by default as a precaution as the files cannot be scanned.
Explanation
If you know of a non-malicious file that as been blocked because of one of the reasons above, you can work around this by adding a rule that allows the trusted destination, and click "Override Security" to bypass the security settings for that destination:
As an alternative to allow password-protected files, in Policies --> Web Policy --> Global Settings there is a "Protected File Bypass" option. If "Allow Protected File Bypass" is selected, Umbrella will not block access to password-protected files. By default, this option is not selected.
To view a list of the files that were blocked, log in to the Reports section on your Dashboard. After running an Activity Search for Response "Blocked", the 'Action' column of the Activity Search will report blocked files as "Potentially Unwanted Applications (Protected File)" or "Potentially Unwanted Application (Corrupt)".
Note that by allowing the destination and overriding the security features, any file (including any files that may include malware) coming from the destination will bypass the Umbrella security settings. Please use these workarounds with caution to avoid accidental download of harmful files.
Comments
1 comment
The access worked but there was a question, should the download of a file with .exe extension where we have the File Type lock with this configuration work?
Would the File Type exception be different? Because they download files with extensions other than pdf and we have the File Type configured in the rule.
Please sign in to leave a comment.