Is there a way to extract hidden files?


Article ID: 159504


Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Network Monitor, Data Loss Prevention Network Prevent for Email, Data Loss Prevention Network Prevent for Web, Data Loss Prevention Network Protect, Data Loss Prevention Endpoint Discover

Issue/Introduction

An incident has been detected, but you cannot see the violating text within the file that triggered the incident. Is there a way to detect whether the file contains hidden information?

Resolution

Many files can contain data from other files via OLE attachments. A utility called tstxtract.exe can extract the OLE attachments that triggered an incident.


  1. From a command prompt, change directory to the Vontu product tree:
    • For v10.5 and previous:
      • Windows: C:\Vontu\Protect\lib\native
      • Linux: /opt/Vontu/Protect/lib/native
    • For v11 and above: 
      • Windows 32-bit: C:\Vontu\Protect\plugins\contentextraction\Verity\Win32
      • Windows 64-bit: C:\Vontu\Protect\plugins\contentextraction\Verity\x64
      • Linux 32-bit: /opt/Vontu/Protect/plugins/contentextraction/Verity/i686
      • Linux 64-bit: /opt/Vontu/Protect/plugins/contentextraction/Verity/x86_64
  2. Find the program called “tstxtract.”
  3. Type: tstxtract <name of input file> <name of output directory>.
    The input file is the original message. After the command runs, the output directory contains one or more hidden files. Examine these files after running filter.exe to see the extracted content.

See TECH220141: How to use filter.exe to determine if a message was parsed correctly

See also TECH222006: What is a _kv0 temp file?
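
As an added example (not part of the original article or of the product), the following Python script is a quick pre-check for the kind of embedded content described above: it reports whether a file is itself an OLE compound file, or is an Office Open XML package carrying parts under an embeddings folder. The function names and the sample document are constructed for illustration, and the script does not replace tstxtract.

```python
import io
import zipfile

# Signature at the start of every OLE2 compound file (.doc, .xls, .ppt, .msg, ...)
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def find_embedded(data: bytes) -> list:
    """Return (location, kind) pairs for embedded objects found in data."""
    if data.startswith(CFB_MAGIC):
        # Legacy Office formats: the whole file is an OLE container whose
        # streams can hold other documents; extract it to inspect them.
        return [("<file>", "ole-container")]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            parts = info.filename.lower().split("/")
            # OOXML keeps embedded objects in word/, xl/ or ppt/ "embeddings".
            if info.is_dir() or "embeddings" not in parts[:-1]:
                continue
            with zf.open(info) as fh:
                head = fh.read(len(CFB_MAGIC))
            kind = "ole-object" if head == CFB_MAGIC else "embedded-file"
            found.append((info.filename, kind))
    return found


def build_sample() -> bytes:
    """Constructed sample: a minimal OOXML-like zip with two embedded parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", CFB_MAGIC + b"\x00" * 504)
        zf.writestr("word/embeddings/Microsoft_Excel_Sheet1.xlsx", b"PK\x03\x04stub")
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind in find_embedded(build_sample()):
        print(f"{kind:14} {name}")
```

A non-empty result means the visible document text is not the whole story, and the embedded parts are where to look for the content that triggered the incident.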