File Type Detection

File Type Detection

The File Type Detection capability allows admins to configure policies to allow or block files based on a specific category (e.g. binary or executable) or file type (e.g. Android Package Kit). Optionally, admins can send files for deep analysis using DLP or Threat Protection Profiles or create Real-time Protection policies to ensure the content of files are checked to avoid data exfiltration or malicious files.

To analyze files exceeding the default size, you can enable Advanced File Scanning, also known as Large File Support (LFS). This feature allows you to modify file size limitations and timeout values. To learn more, see: Advanced File Scanning.

Note

If LFS is enabled, Netskope performs data tricking during content inspection, sending small amounts of data to the client or server while processing the file. This prevents a connection reset due to a request timeout from the client or server during this process.

When Real-time Protection blocks a download of a large file, Netskope will terminate the connection. However, some clients might attempt to initiate a partial content request (i.e., retry to download the file’s remaining data.

The block partial content request feature blocks these partial requests. This is a GA-Controlled feature. Contact your Netskope Sales team to enable this feature in your account.

Add a File Type Criteria and Constraint

Use the file type criteria and constraint in a policy to restrict upload or download of various types of files or category of files.

Note

The Real-time Protection policy supports up to 256 MB for restricting file types and file sizes by default. For extended file size support of up to 400 MB, reach out to your account team to enable this capability.

  1. Create a Real-time Protection policy or edit an existing policy. To learn more: Real-time Protection Policies.
  2. Click Add Criteria & Constraints and select Activity Constraints > File Type.
    Selecting File Type Activity Constraint.png
  3. Select whether a file should match or does not match the conditions specified.
    Selecting Match Does Not Match File Types.png
  4. Click Select File Type to make file category or file type selections.
    Select File Type Option.png
  5. The Select File Type window displays. You can select a category or click the magnifier to view and select the file types within the category.
    Selecting File Type Categories And Specific File Types.png
  6. Optionally, click Categories to return to the Category list without making any changes.
    File Type Select Categories Return.png
  7. Optionally, select the File Type Not Detected category if your file category is an unknown file type or doesn’t fall into an existing categorization. Scroll to the bottom of the list to view this category.
    File Type Not Detected Category.png
  8. Configure the Profile & Action.
  9. Add a policy name.
  10. Click Save.

Tip

You can view generated alerts in the Skope IT Application Event Details panel. To learn more, see About Application Events.

Add a File Size Criteria and Constraint

Use the file size criteria and constraint in a policy to restrict the size of various types of files or categories of files that users can upload or download.

  1. Create a Real-time Protection policy or edit an existing policy. To learn more: Real-time Protection Policies
  2. Click Add Criteria & Constraints and select Activity Constraints > File Size.
    Selecting File Size Activity Constraint.png
  3. Select whether a file should match or does not match the conditions specified.
    Selecting Match Does Not Match File Size.png
  4. Select an operator for the File Size criteria.
    Select File Size Operator.png
  5. Enter a value and select the unit of measurement for the File Size criteria. You can enter up to 1024 GB for the file size.
  6. Configure the Profile & Action.
  7. Add a policy name.
  8. Click Save.

Tip

Skope IT Application Event Details

Navigate to Skope IT > Application Events to view alert details.

Real-time Protection Policy Migration

Admins must migrate any existing policies to the new file type options, because the old file type options are deprecated and no longer available for inline policy creation. The new options provide more accurate and granular detection.

Warning

The ability to create or edit Real-time Protection policies with old file types is no longer available. Netskope highly recommends migrating your existing policies to the new file types as soon as possible, because policies containing old file types will not work.

Netskope has provided suggestions for updating all your existing policies that need to be migrated, including suggestions for new file types to replace your policies’ old file types. These suggestions are available for admins to review and take action on.

Note

Admins must verify the migration suggestions (wizard) before applying to ensure accuracy. Keep in mind that once the migration is complete, you can’t roll back the policies.

To do a migration, from old file type to new file type:

  1. Navigate to Policies > Real-time Protection, and then click Review Suggestions.
  2. A wizard will guide you through the migration suggestions.
  3. The migration utility will show the policies that must be migrated.
  4. You can accept the suggestions or make new file type choices.
Share this Doc

File Type Detection

Or copy link

In this topic ...