cancel
Showing results for 
Search instead for 
Did you mean: 

Blocking ZIP Files with GroupShield

Years ago I think blocking zip files was considered a good idea.

Is it still a good idea?

Group Shield is able to scan inside zip files right?

Can Group Shield scan inside a zip file that is password protected?

Do you think blocking zip files causes more problems than it helps?

2 Replies
Highlighted
McAfee Employee HS3
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Blocking ZIP Files with GroupShield

Password-protected files cannot be scanned. For example, RAR or ZIP files. Password-protected files policy specifies how the email messages containing a password-protected content are handled when detected.

Filter for Password Protected ZIP Files —

1. From Policy Manager, select a submenu item. The policy page for the submenu item appears.

2. Choose a desired policy.

3. Click Password-Protected Files. The View Settings tab for the password-protected file filter appears.

4. In Activation, select or deselect Enable to enable or disable the password-protected file filter settings for the policy.

5.  In Actions, view the action that will be taken when password-protected content is detected. To change those actions, click the Edit link.


Primary and secondary actions for password-protected content.  Primary actions for On-Access scan include:

1. Replace item with an alert — to replace the detected item with an alert message.

2. Delete message — to delete the email message item.

3. Delete embedded item — to delete the detected item. For example, to delete an attachment that triggers a detection rule.

4. Allow through — to allow the item to continue to the next scanning phase or on to its final destination.

For more information about this filter, refer to Password-protected files on page 140 from the GSE 7.x user guide.

Message was edited by: HS3 on 11/9/09 4:53 AM
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Blocking ZIP Files with GroupShield

In general you don't need to block zips but that decision is best left up to the individual customer and what their security policy dictates.  As long as the zip isn't password protected then gse will be able to scan the contents of the zip and apply other file filter rules that have been setup and scan for viruses.

if you do decide to block zips then the enduser is going to need to be educated that they won't be able to send or recieve these files and will probably need to be given a different means to get these files. 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator