Enterprise DLP
File Types
File types supported by Enterprise Data Loss Prevention (E-DLP).
Enterprise Data Loss Prevention (E-DLP) supports the following file operations, upload and download
parameters, and file types.
Enterprise DLP File Operations and Parameters

| Operation or Parameter | Support | Notes |
|---|---|---|
| File Name Characters | Up to 64 bytes in length | The file name length limit applies to uploads and downloads. |
| File Operations | Enterprise DLP Plugin 3.0.1 and earlier—HTTP/1.1; Enterprise DLP Plugin 3.0.2 and later—HTTP/1.1 and HTTP/2; Strata Cloud Manager—HTTP/1.1 and HTTP/2 | Some apps, such as SharePoint and OneDrive, use HTTP/2 by default. To use Enterprise DLP for apps that use HTTP/2 file exchange on Enterprise DLP plugin 3.0.1 and earlier, you need to create a decryption profile and a Security policy rule to strip out the application-layer protocol negotiation (ALPN) extension in headers. See Enable Enterprise DLP for more information. Enterprise DLP supports Block and Alert actions for HTTP and HTTPS files. However, the Block page does not display the name of the blocked file. |
| File Size | Up to 100 MB | The maximum supported file size is dependent on the app. Review the supported apps for more information. |
| Data Direction | Upload, Download | Upload and download support is dependent on each supported app. Enterprise DLP does not support maintaining a session connection to continue inspection if a file upload or download is paused. Enterprise DLP inspection is terminated for the file if the upload or download operation is paused. |
| Concurrent Files | Upload, Download | Enterprise DLP supports inspection of all concurrent file uploads and downloads. |
| File Encryption | Not Supported | Enterprise DLP can't inspect encrypted files. You must create a decryption rule to enable Enterprise DLP inspection. Enterprise DLP can't inspect files encrypted using the encryption option for AIP labels. |

Enterprise DLP Supported File Types

The NGFW and Prisma Access tenant inspect both the file type and the specific file extension for all file types before forwarding to Enterprise DLP. The file type inspection is based on the signature of the file, commonly referred to as the magic byte. The file extension is the suffix of the file name. For example, .docx, .csx, and .js.

The file types that the enforcement point, such as the NGFW or Prisma Access tenant, forwards to Enterprise DLP depend on the File Scan Mode setting configured in your DLP Rule on Strata Cloud Manager or data filtering profile on Panorama:
- Include—The enforcement point only forwards supported file types to Enterprise DLP for inspection and verdict rendering.
  To begin Enterprise DLP inspection the enforcement point first examines the file type and then examines the file extension to ensure Enterprise DLP can successfully inspect the file. The enforcement point then forwards the file to Enterprise DLP after it verifies that Enterprise DLP supports both the file type and file extension. Despite examining both the file type and file extension, Enterprise DLP always prioritizes the file type over the file extension.
- Exclude—The enforcement point forwards all file types, except for those you decided to exclude, to Enterprise DLP for inspection and verdict rendering. However, Enterprise DLP inspects and renders verdicts only on supported file types.
  To begin Enterprise DLP inspection the enforcement point first examines the file type and then examines the file extension to verify it's not a file type you excluded from Enterprise DLP inspection. After verifying it's not an excluded file type, the enforcement point forwards the file to Enterprise DLP. Enterprise DLP then continues to inspect and render a verdict on supported file types while ignoring unsupported file types.
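
The two File Scan Modes can be modelled to check which files a given rule leaves uninspected. The following Python sketch is an added example, not Palo Alto Networks code or part of the original documentation. Assumptions: the `SUPPORTED` table is a constructed subset of the file types on this page, the signatures are the well-known magic bytes for those formats, source files without a signature are typed by extension, and all function names are hypothetical.

```python
import os

# Constructed subset of the supported-types table: file type -> extensions.
SUPPORTED = {
    "pdf": {".pdf"}, "rtf": {".rtf"}, "gzip": {".gz", ".tgz"}, "7z": {".7z"},
    "py": {".py"}, "js": {".js"}, "pl": {".pl", ".pm"}, "vbs": {".vbs"},
    "go": {".go"}, "html": {".html"},
}
EXT_TO_TYPE = {ext: ftype for ftype, exts in SUPPORTED.items() for ext in exts}
EXCLUDE_MODE_ONLY = {"go", "html"}   # page: not forwarded in Include mode
# Well-known file signatures ("magic bytes") for the binary types above.
SIGNATURES = [(b"%PDF", "pdf"), (b"{\\rtf", "rtf"),
              (b"\x1f\x8b", "gzip"), (b"7z\xbc\xaf\x27\x1c", "7z")]

def detect_type(name, head):
    """File type from the signature; extension only as a fallback (assumption:
    the page does not say how signature-less source files are typed)."""
    for magic, ftype in SIGNATURES:
        if head.startswith(magic):
            return ftype
    return EXT_TO_TYPE.get(os.path.splitext(name.lower())[1])

def decide(name, head, mode, selected):
    """Return (forwarded, inspected). `selected` holds the file types picked in
    the rule: the ones to include, or the ones to exclude, depending on mode."""
    ftype = detect_type(name, head)
    ext = os.path.splitext(name.lower())[1]
    supported = ftype in SUPPORTED and ext in EXT_TO_TYPE   # type AND extension
    if mode == "include":
        ok = supported and ftype in selected and ftype not in EXCLUDE_MODE_ONLY
        return ok, ok
    forwarded = ftype not in selected        # everything except what was excluded
    return forwarded, forwarded and supported

def coverage(files, mode, selected):
    """Map each sample file name to its (forwarded, inspected) outcome."""
    return {name: decide(name, head, mode, selected) for name, head in files}

# Constructed sample traffic: (file name, first bytes of the file).
SAMPLES = [("report.pdf", b"%PDF-1.7"), ("main.go", b"package main"),
           ("index.html", b"<!doctype html>"), ("run.js", b"let x = 1;"),
           ("invoice.js", b"%PDF-1.7"), ("blob.bin", b"\x00\x01\x02")]
```

Calling `coverage(SAMPLES, "exclude", ...)` with every type excluded except js, pl, and vbs reproduces the GO and HTML example from the table below, and shows that an unsupported type such as `blob.bin` is forwarded but never inspected.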
When you enable Optical Character Recognition (OCR), Enterprise DLP inspects only the first 15 images in the file unless otherwise noted.

| File Type | File Extension | Direction | Notes |
|---|---|---|---|
| 7z | .7z | Upload, Download | No maximum number of file compression levels. The total file size for all extracted files cannot exceed 125 MB for apps that support 100 MB file sizes or 25 MB for apps that support 20 MB file sizes. |
| asm | .s | Upload, Download | — |
| c_cpp-hdr | .h | Upload, Download | — |
| c_cpp-src | .c | Upload, Download | — |
| cpp-hdr | .hpp, .h++, .hxx | Upload, Download | — |
| cpp-src | .cpp, .c++, .cxx | Upload, Download | — |
| csharp | .cs, .csx | Upload, Download | — |
| csv | .csv | Upload, Download | — |
| doc | .doc | Upload, Download | — |
| docx | .docx, .docm | Upload, Download | — |
| go | .go | Upload | To forward GO files to Enterprise DLP, you must configure the File Scan Mode as Exclude in your DLP rule on Strata Cloud Manager or data filtering profile on Panorama. Enterprise DLP doesn't support forwarding GO files using Include File Scan Mode. For example, you want to create a DLP rule to forward coding and scripting files, including GO. You create a DLP rule with Exclude File Scan Mode configured and select all the file types you don't want to forward. You don't select js, pl, and vbs. In this case, JS, PL, VBS, and GO files are forwarded to Enterprise DLP. |
| gzip | .gz, .tgz | Upload, Download | Prisma Access and NGFW (Managed by Panorama or Strata Cloud Manager)—Enterprise DLP supports up to four levels of file compression. The total file size for all uncompressed files may not exceed the maximum supported file size for each app. Data Security—No maximum number of file compression levels. The total file size for all uncompressed files cannot exceed the maximum supported file size for each app. |
| html | .html | Upload | Supported on PAN-OS 11.1 and later releases. To forward HTML files to Enterprise DLP, you must configure the File Scan Mode as Exclude in your DLP rule on Strata Cloud Manager or data filtering profile on Panorama. Enterprise DLP doesn't support forwarding HTML files using Include File Scan Mode. For example, you want to create a DLP rule to forward coding and scripting files, including HTML. You create a DLP rule with Exclude File Scan Mode configured and select all the file types you don't want to forward. You don't select js, pl, and vbs. In this case, JS, PL, VBS, and HTML files are forwarded to Enterprise DLP. |
| java-src | .java | Upload, Download | — |
| js | .js | Upload | — |
| matlab/obj-c | .m | Upload, Download | — |
| pdf | .pdf | Upload, Download | — |
| pl | .pl, .pm | Upload, Download | — |
| powershell | .ps1, .ps2, .psc1, .psd1, .psm1, .ps1xml, .ps2xml, .clixml | Upload, Download | — |
| ppt | .ppt | Upload, Download | — |
| pptx | .pptx, .pptm, .ppsx, .ppsm | Upload, Download | — |
| py | .py | Upload, Download | — |
| r | .r | Upload, Download | — |
| rtf | .rtf | Upload, Download | — |
| ruby | .rb | Upload, Download | — |
| txt-upload | .txt | Upload | — |
| vbs | .vbs | Upload, Download | — |
| verilog | .v, .vh | Upload, Download | — |
| vhdl | .vhdl | Upload, Download | — |
| vsd | .vsd | Upload, Download | Requires Application and Threats content release 8656-7766 or later versions installed on Panorama and managed NGFW, or Strata Cloud Manager. |
| vsdm | .vsdm | Upload, Download | Requires Application and Threats content release 8656-7766 or later versions installed on Panorama and managed NGFW, or Strata Cloud Manager. |
| vsdx | .vsdx | Upload, Download | Requires Application and Threats content release 8656-7766 or later versions installed on Panorama and managed NGFW, or Strata Cloud Manager. |
| xls | .xls | Upload, Download | Enterprise DLP does not support inspection of images or pivot tables. |
| xlsx | .xlsx, .xlsm, .xlsb | Upload, Download | Enterprise DLP does not support inspection of images or pivot tables. |
| zip | .zip | Upload, Download | ZIP files aren't forwarded to Enterprise DLP. Instead, the enforcement point unzips the file contents and evaluates each file against the DLP Rule or data filtering profile configuration. The enforcement point forwards each file to Enterprise DLP. Prisma Access and NGFW (Managed by Panorama or Strata Cloud Manager)—Enterprise DLP supports up to four levels of file compression. The total file size for all uncompressed files may not exceed the maximum supported file size for each app. Data Security—No maximum number of file compression levels. The total file size for all uncompressed files cannot exceed the maximum supported file size for each app. Enterprise DLP doesn't support inspection of encrypted ZIP files. |
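
The archive limits in the zip row (four levels of compression, a total uncompressed size bounded by the app's maximum file size, no encrypted ZIP files) can be checked on a file before relying on DLP coverage for it. The following Python sketch is an added example, not part of the Enterprise DLP documentation or product. Assumptions: the outermost archive counts as level 1, the size cap is the 100 MB figure from the first table, only `.zip` members count as a further level, and all function names are hypothetical.

```python
import io
import zipfile

MAX_LEVELS = 4                   # page: up to four levels of file compression
MAX_TOTAL = 100 * 1024 * 1024    # page: up to 100 MB; the real cap depends on the app

def audit_zip(data, level=1, report=None):
    """Walk a ZIP and the ZIPs nested in it, recording nesting depth,
    total uncompressed size and encrypted members."""
    if report is None:
        report = {"levels": 0, "total": 0, "encrypted": [], "files": []}
    report["levels"] = max(report["levels"], level)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:   # general-purpose flag bit 0: member is encrypted
                report["encrypted"].append(info.filename)
                continue
            if level > MAX_LEVELS or report["total"] + info.file_size > MAX_TOTAL:
                report["total"] += info.file_size   # outside the limits: count, do not expand
                continue
            body = zf.read(info)
            # Assumption: only *.zip members count as a further level; OOXML files
            # (.docx, .xlsx) are ZIP containers too but are treated as documents here.
            nested = info.filename.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(body))
            if nested:
                audit_zip(body, level + 1, report)
            else:
                report["total"] += info.file_size
                report["files"].append(info.filename)
    return report

def within_limits(report):
    """True when every member can reach inspection under the documented limits."""
    return (report["levels"] <= MAX_LEVELS and report["total"] <= MAX_TOTAL
            and not report["encrypted"])

def build_nested(depth, payload=b"constructed sample text"):
    """Constructed sample: a ZIP nested `depth` levels deep around one text file."""
    data, name = payload, "notes.txt"
    for i in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"level{i}.zip"
    return data
```

An archive for which `within_limits` returns `False` contains at least one member that falls outside the documented inspection limits, so it needs handling by another control.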