Detecting Encoded or non-Standard Binary Files

I am looking for a way to detect encoded (i.e. Base64) text and/or files within DLP. I have a RegEx that generally works, but due to the way Base64 works (primarily alphanumeric characters), it detects far too many false positives. What I am trying to accomplish is to detect all or part of a message/file that is encoded and generate an incident.

Additionally, I am in search of a way to detect non-standard files. For instance, if someone were to append encoded/binary content to the end of a legitimate file type (jpeg, doc, etc.) to exfiltrate data.

If anyone has had any success or suggestions around this, I would greatly appreciate it.

Kind Regards,

Nick

1 Reply
McAfee Employee Mreaden

Re: Detecting Encoded or non-Standard Binary Files

Nick,

Unfortunately, McAfee support does not support custom regex or create custom regex.

 

Thanks
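
The two detections asked about in the question, sketched as an added example that is not part of the original thread and is not McAfee DLP functionality. It validates regex candidates before treating them as Base64 and counts bytes that follow a JPEG's end-of-image marker. All function names and thresholds (40 characters, 0.9, 4.5 bits) are assumptions, and the JPEG walker is simplified.

```python
import base64, math, re
from collections import Counter

B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # naive candidate pattern
IN_SCAN = {0x00, *range(0xD0, 0xD8)}  # bytes after 0xFF that stay inside scan data

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def looks_like_base64(run: str) -> bool:
    """Checks that a character-class regex alone cannot express."""
    if len(run) % 4:  # padded Base64 is always a multiple of 4 long
        return False
    if run == run.lower() or run == run.upper():  # hex digests, long words, numbers
        return False
    try:
        decoded = base64.b64decode(run, validate=True)
    except ValueError:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in decoded) / len(decoded)
    # Keep runs that decode to readable text or to high-entropy binary.
    return printable > 0.9 or entropy(decoded) > 4.5

def find_base64(text: str) -> list[str]:
    """Return the regex candidates that survive validation."""
    return [m.group() for m in B64_RUN.finditer(text) if looks_like_base64(m.group())]

def jpeg_trailing_bytes(data: bytes) -> int:
    """Bytes after the end-of-image marker; -1 if no JPEG structure was found."""
    if data[:2] != b"\xff\xd8":  # start-of-image marker
        return -1
    i = 2
    while i + 2 <= len(data) and data[i] == 0xFF:
        marker = data[i + 1]
        if marker == 0xD9:  # end-of-image: anything after it is appended data
            return len(data) - (i + 2)
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")  # skip marker and segment
        if marker == 0xDA:  # start-of-scan: skip compressed data to the next marker
            while i + 1 < len(data) and not (data[i] == 0xFF and data[i + 1] not in IN_SCAN):
                i += 1
    return -1

if __name__ == "__main__":
    # Constructed sample: one real Base64 run next to a hex string the bare regex also matches.
    secret = base64.b64encode(b"Quarterly revenue forecast, confidential draft").decode()
    sample = f"note {secret} checksum {'0123456789abcdef' * 4} end"
    print(len(B64_RUN.findall(sample)), "regex hits,", len(find_base64(sample)), "validated")
```

These checks are heuristics: a mixed-case identifier whose length is a multiple of four can still pass, so the length and entropy thresholds need tuning against real traffic.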
