Enabling "File Inspection" in some cases will block non-malicious files. These types of files include:
- Password-protected files
- Potentially Unwanted Application (Corrupt) files
These files are blocked by Umbrella because they cannot be decompressed and scanned by our anti-virus tool. Password-protected files might appear blocked under the "Protected File" category. Corrupted files could include files that have encrypted content, have archived contents that cannot be extracted, have invalid compressed data or an invalid archive header, or is simply compressed or archived in an unsupported format. While these files may not be malicious, Umbrella will block them by default as a precaution as the files cannot be scanned.
If you know of a non-malicious file that as been blocked because of one of the reasons above, you can work around this by adding a rule that allows the trusted destination, and click "Override Security" to bypass the security settings for that destination:
As an alternative to allow password-protected files, in Policies --> Web Policy --> Global Settings there is a "Protected File Bypass" option. If "Allow Protected File Bypass" is selected, Umbrella will not block access to password-protected files. By default, this option is not selected.
To view a list of the files that were blocked, log in to the Reports section on your Dashboard. After running an Activity Search for Response "Blocked", the 'Action' column of the Activity Search will report blocked files as "Potentially Unwanted Applications (Protected File)" or "Potentially Unwanted Application (Corrupt)".
Note that by allowing the destination and overriding the security features, any file (including any files that may include malware) coming from the destination will bypass the Umbrella security settings. Please use these workarounds with caution to avoid accidental download of harmful files.