Data Loss Prevention

 View Only
Back to discussions
Expand all | Collapse all

.7z not detecting/preventing in symantec dlp 14.5

  • 1.  .7z not detecting/preventing in symantec dlp 14.5

    Posted Sep 26, 2016 10:26 AM

    I have created IDM profile for .pdf file and try to send this document to with different extension format

    I got detected or block all format except .7z.

    Not able to detect and prevent blocking of 7z format

    I am using 14.5 version



  • 2.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Sep 26, 2016 10:28 AM

    I have created IDM profile for .pdf file and try to send this document to removable media/pendrive with different extension format.

    I got detected and block all format except .7z. file format.

    Not able to detect and prevent blocking of 7z format

    I am using 14.5 version



  • 3.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Sep 26, 2016 11:33 AM

    Hello,

     

    Is this .7z file encrypted or split into several files? That might be the reason…

    Check my answer to this post:

    https://www.symantec.com/connect/forums/dlp-how-prevent-7zip-file-attachment-keyword-match

     

    In a normal situation you should be able to detect the file as well.. no matter the detection used (IDM, DCM...).

     

    BR,



  • 4.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Jul 01, 2021 09:20 PM
    Hi Margado,

    Can you please share the steps in article https://www.symantec.com/connect/forums/dlp-how-prevent-7zip-file-attachment-keyword-match as I am unable to see it.
    Original Message


  • 5.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Jul 01, 2021 10:07 PM
    Hello Vandana,

    Try this one

    https://community.broadcom.com/symantecenterprise/viewdocument/data-loss-prevention-dlp-create?CommunityKey=65cf8c43-bb97-4e96-ae0b-0db8ba1b4d07&tab=librarydocuments

    I hope it helps

    BR
    Atif
    Original Message


  • 6.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Sep 27, 2016 01:01 AM

    Hi Morgado,

     

    I am able to detect .rar , .zip file but copying .7z is not working.

    In endpoint configuration i was added this extesion.

     



  • 7.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Trusted Advisor
    Posted Sep 27, 2016 02:45 AM

    hello deepak,

     In order to check if issue is at 7z analysis level, did you perform some simple test like detecting a filename in a 7zip or just a simple keyword in a document included in a 7zip ?

    Does 7z is available on workstation from where you perform these tests ? Do you know which compression type were used in 7zip (deflate / LZMA / ...) ?

     

     Regards.

     



  • 8.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Sep 27, 2016 05:06 AM

    I Have created policy for word matching ( DCM ) and put that word in txt file.

    While coping txt file it get detect but same txt file I put into .7z ( 7-zip ).

    So its skip detection and didn’t get any incident.

     

    Hi Stephane,

    I don't know which compression format it is but its a 7-zip



  • 9.  RE: .7z not detecting/preventing in symantec dlp 14.5
    Best Answer

    Posted Sep 28, 2016 05:41 AM

    after add 7z file policy extention it started working and detecting. 



  • 10.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Sep 28, 2016 05:48 AM

    Out of curiosity.. where did you add the extension?



  • 11.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Sep 28, 2016 12:25 PM

    I believe that would be under "Agent Configuration"



  • 12.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Sep 28, 2016 12:43 PM

    It was not working preconfigured agent configuration 

    os I added new policy fot that and it started detecting.



  • 13.  RE: .7z not detecting/preventing in symantec dlp 14.5

    Posted Sep 29, 2016 12:10 PM

    Hello,

    I was just asking because the DLP control this file type natively.. so you shouldn't need any extra steps to make the detection work.

    My guess is that you had some wrong (or not default) configuration.

     

    BR,

    Morgado