Path: Security - Data Leakage Prevention Profile

Using a Data Leakage Prevention Profile (DLP) you can avoid a transmission of dedicated documents based on their file name - this will reduce the loss of secure information.

Please take care:

The system will no inspect the content of a document itself! If the user is renaming the file to a different file extension, is using compression (e.g. ZIP) or sends a file without a file extension the Threat Defender can not take care of them!

The following transmissions are checked:

  • SMTP (mail)
  • IMAP (mail)
  • POP (mail)
  • HTTP
  • FTP


Avoid an upload of MS Office.


To achieve this the Theat Defender needs to know what to look for (file extension) and how to handle this (block).

Setup the Data Leakage Prevention Profile (DLP)

At first will tell the Threat Defender what to look for. So, we will implement all the known (e.g. see Wikipedia) Standard Microsoft Office filename extensions:

Please goto Security - Data Leakage Prevention Profile and add a new profile via the ADD button.

The DLP needs to know the occurrence (Is, Contains, Starts with, End with), the patterns the system should look for and if the system should take care if the filenames are "Case Sensitiv" or not.

Within a profile you can add more filename–occurrence–type combinations. This amount of combinations is limited to the memory of the system only, as much profiles need to be checked as much RAM is required.

The following screenshot is showing the profile for Standard MS Office files (click to enlarge):

Setup the Rule

The next step is to setup the rule which tells the checks the filename and block the transmission of these files.

  1. Create a rule via ADD button.
  2. Setup the  Source and Destination :
  3. Setup the  Conditions :
    select the previously created Data Leakage Protection Profile
  4. Finally set the  Action  to Reject:
  5. SAVE the rule

Now all network transmissions via the mentioned protocols are checked & the upload of documents matching the Data Leakage Protection profiles will be logged and blocked.