Supported file type filtering for true file types for DLP Agents running on Windows
Article ID: 150302
Updated On:
Products
Issue/Introduction
Resolution
Endpoint monitoring includes the ability to monitor and ignore files according to file type. Beginning with Data Loss Prevention 12, the DLP Agent for Windows can filter specific types of files to monitor based on file signature data, also known as the true file type. File signature data, generally a short sequence of bytes at the beginning of the file, is used to identify or verify the file type.
Because the DLP Agent for Windows can filter based on the true file type, the agent can correctly identify and filter files that have file extensions that do not match the original file extension. For example, if a user changes the .doc file name extension to .jpg, the agent can identify the file based on its signature as a DOC file, and either monitor or ignore it based on the agent configuration filter.
.txt) do not contain file signature data; consequently, the agent can only monitor or ignore these types of files based on the file extension. True type filtering is not possible for .txt files. You can find information about filtering on the agent in the "Working with agent configurations" chapter of the Symantec Data Loss Prevention Administration Guide 14 at http://www.symantec.com/docs/DOC8734.
The following table lists the file types and corresponding extensions that the DLP Agent for Windows can filter using true file type filtering.
| File type | Filtered file extensions |
|---|---|
| Adobe Acrobat | .pdf |
| Microsoft Office | .doc, .dot, .pps, .ppt, .xla, .xls, .wiz, .db, .msc, .msi, .mtw, .spo, .vsd, .wps, .pub |
| Office Open XML | .docx, .pptx, .xlsx, .dotx, potx |
| OpenOffice | .odt, .ott, .ods, .odp, .otp, .ots, .odg, .otg |
| OpenOffice (created using Microsoft Office) | .odt, .odp, .ods |
| ZIP and PKZIP | .zip, .jar, .xpi |
| StarOffice | .stw, .sxw, .sxc, .sxi, .sti, .stc, .std, .sxd |
| RAR archive | .rar |
Feedback
