Encrypted files are unscannable in Symantec Protection Engine. If you want to protect your network from threats of encrypted container files, configure Symantec Protection Engine to handle unscannable encrypted container files.
To configure file type filtering in Symantec Protection Engine
Go to the Symantec Protection Engine installation directory.
Enable encrypted container file handling.
Command
:xmlmodifier -s //filtering/Container/EncryptedContainersHandling/@enabled true filtering.xml
Allowed values
:true
Enables options to handle encrypted container files.
false
Disables options to handle encrypted container files.
Default value
: trueSpecify how you want Symantec Protection Engine to handle encrypted container files.
Command:
xmlmodifier -s //filtering/Container/EncryptedContainersHandling/Actions/ EncryptedContainersActionPolicy/@value <value> filtering.xml
Allowed values
:Generates a log entry. Symantec Protection Engine only logs instances of encrypted container files.
1
Blocks the encrypted container files and generates a log entry.
2
Deletes the encrypted container files and generates a log entry.
Default value
: 0Continue scanning of the blocked encrypted container file.
Command:
xmlmodifier -s //filtering/Container/EncryptedContainersHandling/Actions/ ContinueProcessingInEncryptedBlockPolicy/@value true filtering.xml
Allowed values
:true
Continues the scanning of the encrypted file that is blocked.
false
Stops the scanning of the encrypted file that is blocked.
Default value
: falseQuarantine the encrypted files.
Command:
xmlmodifier -s //filtering/Container/EncryptedContainersHandling/Actions/Quarantine/@value true filtering.xml
Allowed values
:true
Quarantines the encrypted files.
false
Does not quarantine the encrypted files.
Default value
: falseFiles will be quarantined only if you have delete policy.
Restart the Symantec Protection Engine service.