search cancel

Create rules based on file type for Data Loss Prevension (DLP)

book

Article ID: 174090

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

You want to create a Symantec Data Loss Prevention (DLP) policy rule based on file type. What are the steps and what is supported?

Resolution

You use the Message Attachment or File Type Match condition to match the file type of a message attachment. Symantec Data Loss Prevention supports the identification of over 300 file types. See Supported formats for file type identification.

Example uses of message attachment and file type matching are as follows:

  • A certain type of document should never leave the organization (such as a PGP document or AutoCAD file).
  • A certain type of match is likely to occur only in a document of a certain type, such as a Word document.

The detection engine does not rely on the file name extension to match file format type. The engine checks the binary signature of supported file formats. For example, if a user changes a .doc file's extension to .txt and emails the file, the detection engine can still register a match. It checks the binary signature of the file to detect it as a DOC file. See Supported formats for file type identification

Note: File type matching does not detect the content of the file; it only detects the file type based on its binary signature. To detect content, use a content matching condition.

To Configure the Message Attachment or File Type Match condition

  1. Add a Message Attachment or File Type Match condition to a policy rule or exception, or edit an existing one.
  2. Configure the Message Attachment or File Type Match condition parameters.
  3. Click "Save" to save the policy.