Download (Web) Emulation & Extraction

Endpoint Security browser protects against malicious files that you download to your device. For the browsers supported with the Endpoint Security Browser extension, see the Browser Security Administration Guide.

Threat Emulation detects zero-day and unknown attacks. Files on the endpoint computer are sent to a sandbox for emulation to detect evasive zero-day attacks. The following file types are supported:

Table 1. Threat Emulation Supported File Types

7z, aspx, app¹, arj, bat, bz2, CAB, csv, com, cpl, dll, doc, docx, dot, dotx, dotm, docm, dmg, dylib, exe, gz, hwp, iso, img, iqy, jar, lnk, msi, msg, O, one, pif, pdf, pkg, ppt, pptx, pps, pptm, potx, potm, ppam, ppsx, ppsm, ps1, qcow2, rar, rtf, sh, scr, sldx, sldm, slk, swf, tar, tbz2, tbz, tb2, tgz, udf, uue, wim, wsf, xar, xlt, xls, xlsx, xlm, xltx, xlsm, xltm, xlsb, xla, xlam, xll, xlw, xz, zip

Notes:

  • ¹ These file types are supported only with Endpoint Security Client version E87.40 and higher.

  • ² These file types are supported only with Endpoint Security Client version E87.60 and higher.

  • ³ These file types are supported only with Endpoint Security Client version E88.10 and higher.

Threat Extraction proactively protects users from malicious content. It quickly delivers safe files while the original files are inspected for potential threats.

To see the list of file types which are supported by Threat Emulation and Threat Extraction, go to Advanced Settings > Threat Emulation > Override Default File Actions > Edit.

These are the configuration options for supported file types:

  • Prevent - Send files for emulation and extraction. For further configuration for supported files, go to Advanced Settings > Supported Files:
    • Get extracted copy before emulation completes - You can select one of these two options. The system appends .cleaned to the file name. For example, xxx.cleaned.

      • Extract potential malicious elements - The file is sent in its original file type but without malicious elements. Select which malicious parts to extract, for example, macros, JavaScript and so on.

      • Convert to PDF - Converts the file to PDF, and keeps text and formatting.

        Tip:

        If you use PDFs in right-to-left languages or with Asian fonts, it is preferable to select Extract files from potential malicious parts to make sure that these files are processed correctly.

    • Suspend download until emulation completes - The user waits for Threat Emulation to complete. If the file is benign, the gateway sends the original file to the user. If the file is malicious, the gateway presents a Block page and the user does not get access to the file. This option gives you more security, but may cause time delays in downloading files. The system downloads the file with the original file name.

    • Emulate original file without suspending access - The gateway sends the original file to the user (even if it turns out eventually that the file is malicious).

    • Allow - All supported files are allowed without emulation. This setting overrides the Prevent setting selected in the main page.

  • Detect - Emulate original file without suspending access to the file and log the incident.

  • Off - Allow file. No emulation or extraction is done. The download of all supported files is allowed.