Threat Extraction

Threat Extraction - General

What can I do here?

Use this window to configure:

UserCheck settings
Mail Protocol
Extraction Settings
File types

Getting Here - Security Policies > Threat Prevention > Policy > Threat Tools > Profiles > Profile > Edit > Threat Extraction > General

Threat Extraction General Settings

On the Threat Extraction > General page, you can configure these settings:

UserCheck Settings
- Allow the user to access the original file
- Allow access to original files that are not malicious according to Threat Emulation
  Note - This option is only configurable when the Threat Emulation blade is activated in the General Properties pane of the profile.
- UserCheck Message
  Select a message to show the user when the user receives the clean file. In this message, the user selects if they want to download the original file or not. To select the success or cancelation messages of the file download, go to Manage & Settings > Blades > Threat Prevention > Advanced Settings > UserCheck. You can create or edit UserCheck messages on the UserCheck page.
- Optional: To give the user access to the original email, click Insert Field, and select Send Original Mail.
  Send Original Mail is added to the message body.
Protocol
- Mail (SMTP)
Click Configure to set the maximum MIME nesting level for emails that contained nested MIME content.
Extraction Method
- Extract files from potential malicious parts - Selected by default
  Click Configure to select which malicious parts the blade extracts. For example, macros, JavaScript, images and so on.
- Convert to PDF -
  Converts the file to PDF, and keeps text and formatting.
Best Practice - If you use PDFs in right-to-left languages or Asian fonts, preferably select Extract files from potential malicious parts to make sure that these files are processed correctly.
Extraction Settings
- Process all files - selected by default
- Process malicious files when the confidence level is:
Set a low, medium or high confidence level. This option is only configurable when the Threat Emulation blade is activated in the General Properties pane of the profile.
File Types
- Process all enabled file types - Selected by default. The Threat Extraction blade scans all enabled file types. To see the list of enabled file types, click the blue link. To adjust the list of file types, go to the Manage & Settings view > Blades > Threat Prevention > Advanced Settings > Threat Extraction > Configure File Type Support.
- Process specific file type families -
  Select this option if you want to configure a different extraction method for certain file types. Click Configure to see the list of enabled file types and their extraction methods. To change the extraction method for a file type, right-click the file type and select: bypass, clean or convert to pdf.
Notes:
- For jpg, bmp, png, gif, and tiff files - Threat Extraction supports only extraction of potentially malicious content.
- For hwp, jtd, eps, files - Threat Extraction supports only conversion to pdf.
- For Microsoft Office and PDF files and all other file types on the list - Threat Extraction supports both extraction of potentially malicious content and conversion to pdf.
- You can also configure supported file types in the configuration file. For explanation, see sk112240.