cancel
Showing results for 
Search instead for 
Did you mean: 

Blocking ZIP Files with GroupShield

Years ago I think blocking zip files was considered a good idea.

Is it still a good idea?

Group Shield is able to scan inside zip files right?

Can Group Shield scan inside a zip file that is password protected?

Do you think blocking zip files causes more problems than it helps?

2 Replies
Highlighted
McAfee Employee HS3
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Blocking ZIP Files with GroupShield

Password-protected files cannot be scanned. For example, RAR or ZIP files. Password-protected files policy specifies how the email messages containing a password-protected content are handled when detected.

Filter for Password Protected ZIP Files —

1. From Policy Manager, select a submenu item. The policy page for the submenu item appears.

2. Choose a desired policy.

3. Click Password-Protected Files. The View Settings tab for the password-protected file filter appears.

4. In Activation, select or deselect Enable to enable or disable the password-protected file filter settings for the policy.

5.  In Actions, view the action that will be taken when password-protected content is detected. To change those actions, click the Edit link.


Primary and secondary actions for password-protected content.  Primary actions for On-Access scan include:

1. Replace item with an alert — to replace the detected item with an alert message.

2. Delete message — to delete the email message item.

3. Delete embedded item — to delete the detected item. For example, to delete an attachment that triggers a detection rule.

4. Allow through — to allow the item to continue to the next scanning phase or on to its final destination.

For more information about this filter, refer to Password-protected files on page 140 from the GSE 7.x user guide.

Message was edited by: HS3 on 11/9/09 4:53 AM
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Blocking ZIP Files with GroupShield

In general you don't need to block zips but that decision is best left up to the individual customer and what their security policy dictates.  As long as the zip isn't password protected then gse will be able to scan the contents of the zip and apply other file filter rules that have been setup and scan for viruses.

if you do decide to block zips then the enduser is going to need to be educated that they won't be able to send or recieve these files and will probably need to be given a different means to get these files. 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community