Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 0 subscribers
  • Views 82625 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

REQUESTS: post any requests for new Content Control Lists or additional file type support here

Johnstringer

Please use this thread to post any requests for new Content Control Lists or additional file type support here.

If you prefer to keep your request private then please place the request via Sophos support and we'll follow up.

The types of requests we've received in the past include:

  1. Additional country support for PII (personally identifiable information) and confidential document markers.
  2. Support for industry specific regulations, for example PCI DSS (payment card industry) and HIPAA (US health care).
  3. Support for national or industry specific identifiers.
  4. Support for additional file formats e.g. CAD; encrypted formats; industry specific image formats

When you place a request with Sophos product management and SophosLabs please provide as much information as possible to help in the creation of the Content Control List. For example, often identifiers will use a inbuilt checksum (commonly Mod 10 or Mod 11 based) or will be displayed alongside what we refer to "qualifying terms". An example of a qualifying term might be "DOB" next to a date of birth format or "MRN" next to a medical record number.

For filetype requests please provide a selection of samples so the labs can use these for analysis.

:10795


This thread was automatically locked due to age.
Parents
  • 0
    Hello PAGAN,

    with content rules you should include all aplicable filetypes. Thus format wouldn't matter. For file rules it is not the extension which triggers a rule but the "true file type" - the initial sacn tries to identify the markes and deduce the "true" content.

    Keeping copies of files is far beyond the current product (i.e. the ESDP client components). First question is - where should they be kept? Windows provides a plethora of filesystem audit points - the challenge is to select those of interest and then analyse and interpret the collected data.
    DLP is a "natural" extension of AV scanning - identify a file's "real" type, scan for signatures and patterns, block or allow. Audit trails and version history are something different (and are usually done on the server side).

    Christian
    :15903
Reply
  • 0
    Hello PAGAN,

    with content rules you should include all aplicable filetypes. Thus format wouldn't matter. For file rules it is not the extension which triggers a rule but the "true file type" - the initial sacn tries to identify the markes and deduce the "true" content.

    Keeping copies of files is far beyond the current product (i.e. the ESDP client components). First question is - where should they be kept? Windows provides a plethora of filesystem audit points - the challenge is to select those of interest and then analyse and interpret the collected data.
    DLP is a "natural" extension of AV scanning - identify a file's "real" type, scan for signatures and patterns, block or allow. Audit trails and version history are something different (and are usually done on the server side).

    Christian
    :15903
Children
No Data
Unfiltered HTML