File Content Heuristic Engine
Ransomware, A type of Malware that encrypts files and removes originals forcing the enterprise to pay to get the key, is a huge problem to enterprises. If a Filecloud client computer is compromised by Ransomware, files will be encrypted and synchronized to FileCloud server. The encrypted file will get versioned and backed up and synced to other clients. Recovery, while possible due to versioning (Older files will still be present), is time consuming and cumbersome. It will also require server downtime.
With v13, FileCloud has a built in Heuristic Engine that can detect file type based on it content signature and if the detected file type does not match its mime type, then a variety of actions can be setup.
File Content Heuristic Engine is a part of FileCloud's Workflow Facility.
To setup to scan every single file that is uploaded into FileCloud system, A new workflow with the following "Condition" should be setup
Select the "If a file is create or uploaded" condition
Set the parameter to scan "/" , indicating that all files need to be scanned. If you have uploads restricted to specific folder (like /EXTERNAL/docs/uploads), then that folder can be setup as well
For this condition, there are two possible actions.
Verify file integrity and generate admin alert on mismatch : This action will detect the mismatch and will add an entry to the "Alerts" section of Admin portal
Verify file integrity and delete on mismatch: This action will detect mismatch and delete the file from the filecloud system. An Audit entry will be added to indicate that the file has been deleted by the workflow
Set Parameter to ignore the file if the file size exceeds certain size. In this example, it is setup to ignore if file size exceeds 10 MB
Assign a name for the Workflow