Detecting Encoded or non-Standard Binary Files

I am looking for a way to detect encoded (i.e. Base64) text and/or files within DLP. I have a RegEx that generally works, but due to the way Base64 works (primarily alphanumeric characters), it detects far too many false positives. What I am trying to accomplish is to detect all or part of a message/file that is encoded and generate an incident.

Additionally, I am in search of a way to detect non-standard files. For instance, if someone were to append encoded/binary content to the end of a legitimate file type (jpeg, doc, etc.) to exfiltrate data.

If anyone has had any success or suggestions around this, I would greatly appreciate it.

Kind Regards,

Nick
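
One way to approach both questions in the post above, as an added example that is not part of the original post and not a feature of the DLP product: validate each regex candidate before alerting, and inspect what follows a JPEG's end-of-image marker. The function names, the `MIN_LEN` and `MIN_ENTROPY` thresholds and the sample data are assumptions chosen for illustration.

```python
import base64
import binascii
import math
import re
from collections import Counter

MIN_LEN = 40          # assumed threshold: shorter runs are mostly words, IDs, hashes
MIN_ENTROPY = 4.0     # assumed threshold, bits per character of the run itself
CANDIDATE = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_LEN)

def entropy(text: str) -> float:
    """Shannon entropy of the characters in text, in bits per character."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def is_probable_base64(run: str) -> bool:
    """Checks a bare character-class regex cannot express."""
    if len(run) % 4:                      # valid Base64 is padded to a multiple of 4
        return False
    try:
        base64.b64decode(run, validate=True)
    except (binascii.Error, ValueError):
        return False
    # Hex strings and long words also fit the alphabet; encoded data mixes classes.
    mixed = (any(c.isupper() for c in run) and any(c.islower() for c in run)
             and any(c.isdigit() for c in run))
    return mixed and entropy(run) >= MIN_ENTROPY

def find_base64(text: str) -> list[str]:
    """Return the candidate runs in text that survive validation."""
    return [m.group() for m in CANDIDATE.finditer(text) if is_probable_base64(m.group())]

def jpeg_trailing_bytes(data: bytes) -> bytes:
    """Bytes after the last end-of-image marker (FF D9); empty if none or not a JPEG.
    Heuristic: appended data that itself contains FF D9 moves the cut point."""
    end = data.rfind(b"\xff\xd9")
    if not data.startswith(b"\xff\xd8") or end == -1:
        return b""
    return data[end + 2:]

# Constructed samples, not real traffic.
PAYLOAD = base64.b64encode(bytes(range(60))).decode()
HEX_LIKE = "0123456789abcdef" * 4
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"

if __name__ == "__main__":
    print(find_base64("ticket " + HEX_LIKE + " attached: " + PAYLOAD))
    print(find_base64(jpeg_trailing_bytes(JPEG + PAYLOAD.encode()).decode("latin-1")))
```

Long mixed-case identifiers that contain digits can still pass these checks, so the thresholds need tuning against real traffic before they drive incidents.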
