Scan file sharing downloads for malware
If ETP Proxy is enabled in a policy, you can configure Enterprise Threat Protector (ETP) to analyze traffic from supported file sharing services. To do this, assign the Classify action to the File Sharing policy option. If a threat is discovered in download files, the action that corresponds to the threat type or category is completed. For example, if malware is discovered, the threat is assigned the action that’s associated with known malware in the Threat tab of the policy.
If your organization is licensed for ETP Advanced Threat and as a result, Inline Payload Analysis is enabled, ETP Proxy scans files that are up to 5 MB in size.
| Supported File Sharing Service | Domain |
|---|---|
| iCloud | icloud-content.com |
| OneDrive | bn.files.1drv.com |
| Box | public.boxcloud.com |
| Google Drive (browser-based application) | googleusercontent.com |
| Dropbox (browser-based application) | dl.dropboxusercontent.com dl-web.dropbox.com |
Configure exceptions for file sharing scanning
| Desktop Application | Description |
|---|---|
| Google Drive | www.googleapis.com |
| Dropbox | dl.dropbox.com |
Similarly, if there are supported file sharing services that you want to allow or that you want to block, you can create a custom list that includes the domains of the service or services. In the policy configuration, you can then assign the action you need. For example, if you want to specifically block one service while scanning and classifying threats in the other services, you can assign the Block action to the custom list with the service you want to block.
Block file sharing services
Alternatively, if you do not want to analyze downloads with inline payload analysis or your organization is not licensed for ETP Advanced Threat, you can block all file sharing services by blocking the File Sharing AUP category. When this category is blocked, both the Allow and Classify actions for the File Sharing policy setting are not available.