Advanced File Scanning
Advanced File Scanning
You can enable Advanced File Scanning, also known as Large File Support (LFS), for files exceeding the default size when analyzed by DLP, Threat Protection, or File Profile. This will allow you to modify file size limitations and timeout values.
By enabling Advanced File Scanning, you are allowing Netskope to temporarily store large files as specified in the Netskope Master Service Agreement (MSA).
Data Trickling: Sends small amount of data to the client or server while the file is being processed. This will prevent a connection reset due to a request timeout from client or server, while the file is being processed.
The fallback actions refer to the following actions:
- Allow – Do nothing at the time of failure and continue processing the policy list.
- Alert – Raise an out-of-band alert and continue processing the policy list.
- Block – Raise and alert and block the traffic immediately without further evaluating the policy list
Enable Advanced File Scanning
- To enable Advanced File Scanning, go to Settings > Manage > Advanced File Scanning and click the enable checkbox.
Configuration – DLP
1. Click Edit.
2. Select the DLP tab.
3. Select between the 16, 32, 64, and 128 options for your File Size limit (MB).
4. Enter a value for timeout in seconds. There is a maximum of 300 seconds.
5. Select your Fallback action by clicking EDIT. Choose between Allow, Alert or Block.
Configuration – Threat Protection
- Click Edit.
- Select the Threat Protection tab.
- Select between the 16 and 400 options for your File Size limit (MB).
- Select your Fallback action by clicking EDIT. Choose between Alert or Block.
Configuration – File Profile
- Click Edit.
- Select the DLP tab.
- Select between the 256 and 400 options for your File Size limit (MB).
- Select your Fallback action by clicking EDIT. Choose between Allow, Alert or Block.
Disabling Advanced File Scanning
You can disable Advanced File Scanning by unchecking the enable checkbox at the top of the page.
Example
When a file is scanned, the user will see the following prompt indicating the analysis has begun:
- To use a data loss prevention (DLP) profile, select DLP and click Select Profile. Search for a DLP profile or choose one from the list, which includes both predefined and custom profiles. After selecting a DLP profile, click Save.
- When finished, click Next.
Advanced File Scanning Support for Non-Web Proxy
Data trickling support for FTP not available at the moment and should be disabled.
Non-Web proxy supports DLP scanning for files size up to 128 MB.
To enable Large File Size (LFS) support, follow these steps to enable the advanced file scanning option.
Go to Settings > Manage > Advanced File Scanning > Advanced File Scanning and enable the slider.
DLP Timeout and the fallback actions, “Allow, Alert & Block” are supported.
Known Issues and Limitations
- Edit of FTP activities policy reset the File constraints values in the UI.
- For each new Large files the DLP scanning may take more time for processing.
- Filezilla FTP client will do continuous retries to upload a file if the Policy action is Blocked.
