What is an Extension?

A default list of file extensions is provided for all policies, and each individual extension can be enabled or disabled separately. For example, .jar enables collection of Java JAR files. Users can add their own custom extensions as well. The list of enabled extensions, combined from the default list and the custom list, are sent to the forwarder, and used to determine when to upload a file. The extension list is used during the back scan, and by the kernel mode driver during real-time file events — file created, file written, file modified.

📘

Note:

The extension list is not used for ProcessStart or ImageLoad events, i.e. when a new process starts, or a DLL is loaded into a running process — these are always uploaded.