Malicious password protected zip file identify

Best Answers

• CORRECT ANSWER

  Chathura_Yapa1 Newbie ✭

  September 2020 edited September 2020 Answer ✓

  HI,

  Think i need to allow password protected zip file to transfer in my network.If some how malicious file come with password protected zip file, how sonicwall identified it?

  0
• CORRECT ANSWER

  Larry All-Knowing Sage ✭✭✭✭

  September 2020 Answer ✓

  If you are looking for a SonicWall solution, you would need to implement Capture Client on the desktops at the site behind your TZ / NSzz appliance.

  Product datasheet is here: https://d3ik27cqx8s5ub.cloudfront.net/media/uploads/2020/01/Datasheet-CaptureClient-US-COG-2413.pdf

  The most recent release guide is here: https://www.sonicwall.com/techdocs/pdf/capture-client-3-0-operations.pdf

  Hope that helps!

  1
• CORRECT ANSWER

  shiprasahu93 Moderator

  September 2020 Answer ✓

  Hello @Chathura_Yapa1,

  Welcome to SonicWall community.

  Since the zip file is password protected, without knowing the password, it is not possible for us to find the contents of that file and take necessary action. That is the reason we only have an option to either allow or block transfer of such files. You can restrict the transfer of such files and create exclusions as shown before if the source/destination of the file is known. In that way only when the password protected zip file comes from or sent to those IP addresses, it will be allowed and blocked on all other connections.

  

  If that cannot be done, I completely agree with @Larry. We would need to have Capture Client as the end point security on the machine which can see the contents of the zip file after entering the password. It would then get blocked on the end machine itself.

  Thanks!

  Shipra Sahu

  Technical Support Advisor, Premier Services

  1