Getting Started
Trust CenterTourStatusPageSupport

What is an Extension?

Suggest Edits

A default list of file extensions is provided for all policies, and each individual extension can be enabled or disabled separately. For example, .jar enables collection of Java JAR files. Users can add their own custom extensions as well. The list of enabled extensions, combined from the default list and the custom list, are sent to the forwarder, and used to determine when to upload a file.

Extension List Considerations

The extension list is overridden in two cases:

  • Matching exclusions prevent files from being sighted and uploaded.
  • Matching magic bytes will allow the file to be uploaded, provided that the file does not match an exclusion.

Magic Bytes

As it happens, operating systems often don't care about file extensions. For example, even if you rename test.exe to test.txt, it continues to be an executable, and can still be launched via cmd.exe or the win32 API etc.

Because of this, even if a file extension is not in the policy's extension list, the forwarder will still examine the file to determine if it has the relevant magic bytes. If so, the file will be uploaded unless there is an exclusion in place to prevent the upload.

Updated 28 days ago