Endpoint monitoring includes the ability to monitor and ignore files according to file type. Beginning with Data Loss Prevention 12, the DLP Agent for Windows can filter specific types of files to monitor based on file signature data, also known as the true file type. File signature data, generally a short sequence of bytes at the beginning of the file, is used to identify or verify the file type.
Because the DLP Agent for Windows can filter based on the true file type, the agent can correctly identify and filter files that have file extensions that do not match the original file extension. For example, if a user changes the
.doc file name extension to
.jpg, the agent can identify the file based on its signature as a
DOC file, and either monitor or ignore it based on the agent configuration filter.
You can find information about filtering on the agent in the "Working with agent configurations" chapter of the Symantec Data Loss Prevention Administration Guide 14 at http://www.symantec.com/docs/DOC8734.
The following table lists the file types and corresponding extensions that the DLP Agent for Windows can filter using true file type filtering.
|File type||Filtered file extensions|
|Office Open XML||
|OpenOffice (created using Microsoft Office)||
|ZIP and PKZIP||