Data Loss Prevention – Expanded File Type Controls for Executables and Disk Images

You can now enhance your security posture by blocking additional application installer and disk image file types with Cloudflare Gateway. Preventing the download of unauthorized software packages is a critical step in securing endpoints from malware and unwanted applications.

We have expanded Gateway’s file type controls to include:

• Apple Disk Image (dmg)
• Microsoft Software Installer (msix, appx)
• Apple Software Package (pkg)

You can find these new options within the Upload File Types and Download File Types selectors when creating or editing an HTTP policy. The file types are categorized as follows:

• System: Apple Disk Image (dmg)
• Executable: Microsoft Software Installer (msix), Microsoft Software Installer (appx), Apple Software Package (pkg)

To ensure these file types are blocked effectively, please note the following behaviors:

• DMG: Due to their file structure, DMG files are blocked at the very end of the transfer. A user’s download may appear to progress but will fail at the last moment, preventing the browser from saving the file.
• MSIX: To comprehensively block Microsoft Software Installers, you should also include the file type Unscannable. MSIX files larger than 100 MB are identified as Unscannable ZIP files during inspection.

To get started, go to your HTTP policies in Zero Trust. For a full list of file types, refer to supported file types.

Source: Cloudflare

Latest Posts