Ignoring .zip files also ignores Microsoft Office files
search cancel

Ignoring .zip files also ignores Microsoft Office files


Article ID: 184508


Updated On:


Data Loss Prevention Endpoint Discover


When creating a filter in an agent configuration to ignore zip files, it is also ignoring Microsoft Office files (.docx, .xlsx, .pptx, etc).


DLP 15.0 and higher


This is caused by the signatures of the files being very similar. Rather than filtering on just the file extension itself, DLP looks at the hex of the file to determine file type. The hex signature of .zip files is the same as the beginning of the hex signature of Microsoft Office files.


  1. Create a "Monitor" filter to specifically monitor Microsoft Office extensions.
  2. Create an "Ignore" filter to look for the .zip extension.
  3. Ensure the Monitor filter is placed with higher priority than the Ignore filter.