DLP Agent prefilters consider .jar .zip and .xpi as the same type


Article ID: 170560




Data Loss Prevention Endpoint Prevent, Data Loss Prevention Endpoint Discover


In the agent configuration there is an option to monitor .zip files with priority 1 and to ignore .jar files with priority 2. 

The agent continues to monitor .jar files. This behavior can be seen with DIM (data in motion) events in the agent log files.


DLP 12
DLP 14
DLP 15


This is a known limitation of the product. Zip archive file types (.zip, .jar, .xpi) have the same file signature and they are all considered the same type.

The file signature supersedes the file type. The DLP agent uses signatures to identify file types so that renaming a file cannot be used to circumvent the DLP filters.
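
The following added example (not Symantec DLP code, and not part of the original article) shows why a signature-based check reports the same type for .zip, .jar and .xpi files and why renaming does not change the result. The function names, sample files and the member-name heuristic are assumptions made for the demonstration.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local file header that opens every non-empty ZIP container

def build_archive(members):
    """Build a ZIP container in memory from a {member name: text} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()

def type_by_extension(filename):
    """What a name-based filter sees: changes when the file is renamed."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""

def type_by_signature(data):
    """What a signature-based filter sees: the leading bytes only."""
    return "zip" if data.startswith(ZIP_MAGIC) else "unknown"

def subtype_by_members(data):
    """Heuristic (assumption, not a DLP feature): telling the formats apart
    requires opening the container and looking at well-known member names."""
    if type_by_signature(data) != "zip":
        return "unknown"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
    if "META-INF/MANIFEST.MF" in names:
        return "jar"
    if "manifest.json" in names:
        return "xpi"
    return "zip"

# Constructed sample files; names and contents are made up for the demonstration.
SAMPLES = {
    "report.zip": build_archive({"report.txt": "quarterly numbers"}),
    "app.jar": build_archive({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"}),
    "addon.xpi": build_archive({"manifest.json": '{"manifest_version": 2}'}),
}
SAMPLES["renamed.jar"] = SAMPLES["report.zip"]  # same bytes, new extension

def classify(filename):
    """Return (extension type, signature type, member-based subtype)."""
    data = SAMPLES[filename]
    return type_by_extension(filename), type_by_signature(data), subtype_by_members(data)

if __name__ == "__main__":
    for name in SAMPLES:
        ext, sig, sub = classify(name)
        print(f"{name:12} extension={ext:4} signature={sig:4} members={sub}")
```

All four samples report the same signature type, which is the behaviour the article describes: a filter keyed on the signature cannot treat .jar differently from .zip.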