Workflow for detecting custom file types
Symantec Data Loss Prevention detects more than 300 file types. However, if the type of file you want to detect is not supported, you can detect it using a custom script. Use the Symantec Data Loss Prevention Scripting Language to write a script that detects the binary signature of the particular file format you want to detect.

In addition, you can use the design-time Symantec Data Loss Prevention File Type Analyzer utility to determine the unique bytes of the custom file type you want to detect.

To detect custom file types
- Create a sample archive or directory containing several instances of the custom file or document type you want to detect. Create different samples of the document, with different features turned on and off, and based on different software versions.
- Use the Symantec Data Loss Prevention File Type Analyzer utility to read in the bytes of the data set. Look for patterns among the file bytes to determine file type recognition characters (also known as "magic bytes"). Refine the sample and run more scans as necessary.
- Use the Symantec Data Loss Prevention Scripting Language to write a script that detects the custom file type. Use the File Type Analyzer utility to test and refine your script.
- Enable the Custom File Type Signature detection rule so it appears in the Enforce Server policy builder interface.
- Deploy an instance of the Custom File Type Signature condition in one or more detection rules or exceptions.
- Author a policy that uses the detection rule or exception. Test and refine the policy as necessary.
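
The search for recognition bytes in the second step can be illustrated outside the product. The following Python sketch is an added example, not Symantec code and not the Symantec Data Loss Prevention Scripting Language; the "ACME" sample files are constructed and the function names are hypothetical.

```python
"""Find candidate magic bytes: offsets where every sample holds the same byte."""
from typing import Dict, List, Tuple

# Constructed samples of a hypothetical "ACME" format: 4-byte magic, a version
# byte that differs between software versions, two constant bytes, then a body.
SAMPLES = [
    b"ACME\x01\x00\x1aHello world",
    b"ACME\x02\x00\x1a\xff\xfe body",
    b"ACME\x03\x00\x1aZ",
]

def invariant_offsets(samples: List[bytes], window: int = 16) -> Dict[int, int]:
    """Map offset -> byte value for header offsets identical in all samples."""
    if not samples:
        return {}
    # Only compare offsets that exist in every sample.
    limit = min(window, min(len(s) for s in samples))
    first = samples[0]
    return {i: first[i] for i in range(limit)
            if all(s[i] == first[i] for s in samples)}

def group_runs(offsets: Dict[int, int]) -> List[Tuple[int, bytes]]:
    """Collapse adjacent invariant offsets into (start, bytes) runs."""
    runs: List[Tuple[int, bytearray]] = []
    for off in sorted(offsets):
        if runs and runs[-1][0] + len(runs[-1][1]) == off:
            runs[-1][1].append(offsets[off])   # extends the current run
        else:
            runs.append((off, bytearray([offsets[off]])))
    return [(start, bytes(data)) for start, data in runs]

def matches(data: bytes, signature: List[Tuple[int, bytes]]) -> bool:
    """True when every invariant run appears at its offset in `data`."""
    # An empty signature matches nothing; otherwise every file would "match".
    return bool(signature) and all(
        data[start:start + len(run)] == run for start, run in signature)

if __name__ == "__main__":
    signature = group_runs(invariant_offsets(SAMPLES))
    for start, run in signature:
        print(f"offset {start}: {run.hex(' ')}")
    # The varying version byte at offset 4 is excluded from the signature.
    print(matches(b"ACME\x07\x00\x1anew version", signature))
    print(matches(b"%PDF-1.7\n", signature))
```

Adding samples from more software versions removes offsets that agree only by coincidence, which is why the first step asks for varied samples.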