DLP Agent prefilters consider .jar .zip and .xpi as the same type

book

Article ID: 170560

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover

Issue/Introduction

In the agent configuration there is an option to monitor .zip files with priority 1 and to ignore .jar files with priority 2. 

The agent continues to monitor .jar files. This behavior can be seen with DIM (data in motion) events in the agent log files.

Environment

DLP 12
DLP 14
DLP 15

Resolution

This is a known limitation of the product. Zip archive file types (.zip, .jar, .xpi) have the same file signature and they are all considered the same type.

The file signature supersedes the file type. DLP agent will use signatures to identify file types so that renaming a file cannot be used to circumvent the DLP filters.