This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Encrypted files DLP

Hello,

I would like to ask what kind of encrypted files are blocked by DLP Conditions "Encryption" and "Encryption - Sophos" ? I want to block encrypted archives (zip files for example) and it does not work with them.

Thanks in advance!

Zhivodar



This thread was automatically locked due to age.
Parents
  • Hi Zhivodar,
     
    Please refer to Overview of data control in Enterprise Console and Sophos Central. Let me know if this helps solve your question.
     
    Haridoss S

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi Haridoss Sreenivasan,

     

    I can't find information about my question in the existing documents... That's why I ask here.

     

    Zhivodar Petrov

  • Hi Zhivodar,
     
    Please let me know how you intend to protect the file using DLP (eg: do you want to protect files from copying onto a medium, or from emailing the file, etc).
     
    Haridoss S

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • In this case I want to protect the from emailing. I want to block the encrypted archives and allow unencrypted archives for example.

     

    Zhivodar Petrov

  • Hi Zhivodar,

    I'm afraid that is not possible. You can protect the files from getting emailed though. There is a list of files which gets scanned by the data control scanner, please refer to Explanation of the file content that gets scanned by the data control scanner.

    Haridoss S

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • The main question is what kind of file types does "Encryption" block?

    Why "Encryption" does not block encrypted zip files from sending by mail?

    For example I can block all kind of archives to be sent - the condition works. But the task is to block only encrypted archives.

    Zhivodar Petrov

  • Hi Zhivodar,

    Thank you for the screenshot, I will investigate on this and update you further.

    Haridoss S

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hello Zhivodar Petrov,

    not sure if this is of much help to you - specifically I can't see that it'd help to solve your problem.
    The SEC (on-premise managed) Data Control GUI enumerates the File type groups, for Encryption is lists:
    Kremlin encrypted file
    PGP encrypted file (binary)
    PGP encrypted message (ASCII-Armored)
    SecurityBox encrypted file
    ACID encryption
    CryptoGram File encryption
    AxCrypt Encrypted File
    OpenPGP/GPG encrypted file
    for Encryption - Sophos:
    SafeGuard encrypted file
    SafeGuard encrypted file (self-extracting)
    SafeGuard PrivateDisk Container
    finally for Archive:
    7z archive format
    ACE archive
    ARC, PAK Format
    ARJ/ARJ32 archiver
    AppleDouble encoded
    AppleSingle encoded
    Base64 encoded
    BinHex compressed archive (.HQX)
    BlackHole Archive Format File
    CMZ archive
    GZIP compressed file
    HA compressed archive
    Inline E-mail Attachment
    InstallShield CAB archive
    JAR archive file
    LZH compressed archive
    MacBinary archive format
    Microsoft CAB archive
    Microsoft MSFT Storage
    Microsoft Windows Installer Package
    Microsoft web archive - Multipurpose Internet Mail Extension HTML (MHTML) format
    MsCompress archive
    OpenDocument (ODF)
    PK ZIP archive
    PK ZIP archive [encrypted]
    RAR compressed archive
    RAR compressed archive (password protected)
    RPM package file
    StuffIt compressed archive
    Symbian SIS Archive
    Symbian SIS file
    TAR archive
    UNIX compressed archive
    UU-encoded
    Unix archive (AR / CPIO)
    ZOO Archive
    bzip compressed archive
    yEnc encoding
    Split File Shell Extension - split file archive
    ACE archive [encrypted]
    Compressed Microsoft Office File (.MSO)
    Windows Prefetch file
    Chrome Extension CRX Package Format
    xar compressed archive
    XZ compressed file
    Arc File Format

    I haven't played much with it but it seems it doesn't discern encrypted and unencrypted archives (although in the log it correctly indicates an encrypted archive). It has its own group for password protected office files. Dunno why there isn't a similar group for archives.

    Christian

  • Thank you, Christian!

    This helped me understand what kind of files can be controlled.

    I see that there isn't specific option only for encrypted archives and "Encryption" controls other files.

Reply Children
No Data