Skip to end of metadata
Go to start of metadata

File Content Heuristic Engine

Ransomware, A type of Malware  that encrypts files and removes originals forcing the enterprise to pay to get the key, is a huge problem to enterprises. If a Filecloud client computer is compromised by Ransomware, files will be encrypted and synchronized to FileCloud server. The encrypted file will get versioned and backed up and synced to other clients. Recovery, while possible due to versioning (Older files will still be present), is time consuming and cumbersome. It will also require server downtime.

With v13, FileCloud has a built in Heuristic Engine that can detect file type based on it content signature and if the detected file type does not match its mime type, then a variety of actions can be setup.

File Content Heuristic Engine is a part of FileCloud's Workflow Facility.

To setup to scan every single file that is uploaded into FileCloud system, A new workflow with the following "Condition" should be setup

Select the "If a file is create or uploaded" condition

 

Set the parameter to scan "/" , indicating that all files need to be scanned. If you have uploads restricted to specific folder (like /EXTERNAL/docs/uploads), then that folder can be setup as well

 

For this condition, there are two possible actions.


Verify file integrity and generate admin alert on mismatch : This action will detect the mismatch and will add an entry to the "Alerts" section of Admin portal

Verify file integrity and delete on mismatch: This action will detect mismatch and delete the file from the filecloud system. An Audit entry will be added to indicate that the file has been deleted by the workflow

 

 

Set Parameter to ignore the file if the file size exceeds certain size. In this example, it is setup to ignore if file size exceeds 10 MB


Assign a name for the Workflow

 

 

 

 

 

 

 

 

 

  • No labels