Identifying malicious password-protected zip files
Chathura_Yapa1 Newbie ✭
I think I need to allow password-protected zip files to transfer in my network. If a malicious file somehow comes in a password-protected zip file, how does SonicWall identify it?
Larry All-Knowing Sage ✭✭✭✭
If you are looking for a SonicWall solution, you would need to implement Capture Client on the desktops at the site behind your TZ / NSzz appliance.
Product datasheet is here: https://d3ik27cqx8s5ub.cloudfront.net/media/uploads/2020/01/Datasheet-CaptureClient-US-COG-2413.pdf
The most recent release guide is here: https://www.sonicwall.com/techdocs/pdf/capture-client-3-0-operations.pdf
Hope that helps!
Welcome to SonicWall community.
Since the zip file is password protected, without knowing the password it is not possible for us to find the contents of that file and take the necessary action. That is the reason we only have an option to either allow or block the transfer of such files. You can restrict the transfer of such files and create exclusions as shown before if the source/destination of the file is known. That way, only when the password-protected zip file comes from or is sent to those IP addresses will it be allowed, and it will be blocked on all other connections.
If that cannot be done, I completely agree with @Larry. We would need to have Capture Client as the endpoint security on the machine, which can see the contents of the zip file after the password is entered. It would then get blocked on the end machine itself.
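The allow-or-block choice described in the replies above, sketched as an added example that is not part of the original thread and not SonicWall's implementation: a gateway can tell that a ZIP entry is encrypted from bit 0 of the general-purpose flag in the archive headers, but cannot read the payload, so the only policy input left is the source/destination. The function names, the sample IP ranges and the `"inspect"` verdict are assumptions made for illustration.

```python
import io
import ipaddress
import struct
import zipfile

ENCRYPTED = 0x0001  # general-purpose flag bit 0: entry is encrypted

def encrypted_members(data: bytes) -> list[str]:
    """Names of entries whose central-directory flag marks them encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [zi.filename for zi in zf.infolist() if zi.flag_bits & ENCRYPTED]

def decide(data: bytes, src: str, dst: str, excluded: list[str]) -> str:
    """Policy from the thread: an encrypted archive passes only when its source
    or destination is in the exclusion list; its contents are never read."""
    if not encrypted_members(data):
        return "inspect"  # not encrypted: normal content scanning can run
    nets = [ipaddress.ip_network(n) for n in excluded]
    known = any(ipaddress.ip_address(ip) in n for ip in (src, dst) for n in nets)
    return "allow" if known else "block"

def constructed_sample(encrypted: bool) -> bytes:
    """Constructed test archive. The stdlib cannot write encrypted ZIPs, so the
    'encrypted' variant only sets flag bit 0 (the payload is not real ciphertext)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.txt", "sample")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits 6 bytes into a local header, 8 into a central one.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig) + off
            flags, = struct.unpack_from("<H", raw, pos)
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED)
    return bytes(raw)

if __name__ == "__main__":
    locked = constructed_sample(True)
    exclusions = ["203.0.113.0/24"]  # constructed partner range
    print(decide(locked, "203.0.113.10", "10.0.0.5", exclusions))
    print(decide(locked, "198.51.100.7", "10.0.0.5", exclusions))
```

Entry names are still listed for the flagged archive because traditional ZIP encryption protects file data only, not the directory metadata.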