ICAP error on password protected file

book

Article ID: 171378

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Customer is met with an ICAP_error screen, with the message:
"File is password protected; File: foo.zip; Sub File: ; Vendor: Symantec...
There could be a network problem, the ICAP service may be misconfigured, or the ICAP server may have reported an error.
Tech support information: icap_error"

Password protected Excel files blocked (not limited to only Excel files)

 

"File is password protected; File: foo.zip; Sub File: ; Vendor: Symantec...
There could be a network problem, the ICAP service may be misconfigured, or the ICAP server may have reported an error.
Tech support information: icap_error"

Cause

Password protection makes it impossible to scan the file, and by default traffic is blocked when scanning is not possible.

Environment

  • Web Security Service
  • File types included but not limited to: Excel (.xlsx), PowerPoint (.ppt), Word (.doc)

Resolution

  • Go to threatpulse portal and add the problematic URL to the Scanning Exemptions section.
    • It can be found in Solutions > Threat Protection > Content Analysis.
  • Adding the site to Scanning Exemptions will render it impervious to policy decisions, as it will no longer be going through its normal workflow. Please be as specific as possible when adding URLs to this category to avoid the unnecessary allowing of other sites.
  • For example, if the error screen shown above is citing the URL 'https://dropbox.com/data/directory/myFile.zip', adding 'dropbox.com' to Scanning Exemptions may be counterproductive, as it is a hosting domain used on many sites and can have unexpected results. Add full URLs when given the opportunity.