Malicious password protected zip file identify

Hi,

I think I need to allow password-protected zip files to transfer in my network. If somehow a malicious file comes in a password-protected zip file, how does SonicWall identify it?

Category: Firewall Security Services

Best Answers

  • CORRECT ANSWER
    Chathura_Yapa1 Newbie ✭
    edited September 2020 Answer ✓

    Hi,

    I think I need to allow password-protected zip files to transfer in my network. If somehow a malicious file comes in a password-protected zip file, how does SonicWall identify it?

  • CORRECT ANSWER
    Larry All-Knowing Sage ✭✭✭✭
    Answer ✓

    If you are looking for a SonicWall solution, you would need to implement Capture Client on the desktops at the site behind your TZ / NSzz appliance.

    Product datasheet is here: https://d3ik27cqx8s5ub.cloudfront.net/media/uploads/2020/01/Datasheet-CaptureClient-US-COG-2413.pdf

    The most recent release guide is here: https://www.sonicwall.com/techdocs/pdf/capture-client-3-0-operations.pdf

    Hope that helps!

  • CORRECT ANSWER
    shiprasahu93 Moderator
    Answer ✓

    Hello @Chathura_Yapa1,

    Welcome to the SonicWall community.

    Since the zip file is password protected, without knowing the password it is not possible for us to find the contents of that file and take the necessary action. That is the reason we only have an option to either allow or block the transfer of such files. You can restrict the transfer of such files and create exclusions as shown before if the source/destination of the file is known. That way, a password-protected zip file will be allowed only when it comes from or is sent to those IP addresses, and blocked on all other connections.

    If that cannot be done, I completely agree with @Larry. We would need to have Capture Client as the endpoint security on the machine, which can see the contents of the zip file after the password is entered. It would then get blocked on the end machine itself.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services
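
The allow-or-block decision described in the answer above, as an added example that is not part of the original thread and not SonicWall's implementation: a ZIP's per-entry "encrypted" flag is readable without the password even though the contents are not, so a gateway can only detect the flag and apply an exclusion list. Function names, the exclusion network and the peer addresses are assumptions, and the sample archive is constructed with the flag forced on rather than really encrypted.

```python
import io
import ipaddress
import struct
import zipfile

ENCRYPTED = 0x0001  # general-purpose flag bit 0: entry is encrypted


def encrypted_entries(data: bytes) -> list[str]:
    """Names of entries whose central-directory record has the encryption bit set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]


def decide(data: bytes, src: str, dst: str, exclusions: list[str]) -> str:
    """Allow/block only: encrypted content cannot be scanned, so trust rests on the peer."""
    if not encrypted_entries(data):
        return "scan"  # readable archive: hand to normal content inspection
    nets = [ipaddress.ip_network(n) for n in exclusions]
    peers = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    return "allow" if any(p in n for p in peers for n in nets) else "block"


def make_sample(encrypted: bool) -> bytes:
    """Constructed sample: a one-file zip, optionally with the flag bit forced on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # flags field sits at offset 6 of a local header, offset 8 of a central one
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig) + off
            flags, = struct.unpack_from("<H", raw, pos)
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED)
    return bytes(raw)
```

The flag check covers per-entry ZIP encryption only; what is inside an allowed archive still has to be inspected on the endpoint after the password is entered, as the answers say.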
