Common Policy Settings
[Policy] > [Basic Decontamination Policy] > [Common] Settings
"Common" of SHIELDEX FileDecontaminationThe policy defines the basic de-identification processing criteria that are uniformly applied to the entire file format.
This setting is applied first before the detailed policies for each document type (MS Office, PDF, Hancom Office, HTML, etc.) are implemented.
⚠️ The permission to set the basic de-identification policy is granted to [Administrator Type - System Administrator], and
Administrator permission settings can be configured in [Administrator Settings] > [Account and Permission Management].
Detailed Description of Settings Items
| Policy Name | Description |
|---|---|
| Setting the Decontamination Treatment Strength | Set the level for identifying risk factors and extracting safe content. ('Maximum Security' recommended) --- The 'Maximum Security' mode identifies all risk factors and reconstructs the document by extracting only safe content. The 'Maximum Consistency' mode reconstructs the content by selecting safe content while maintaining the original document structure as much as possible. |
| Harmless Extension Filter | Enter the allowed file extensions for decontamination processing, separated by semicolons. Extensions not included here are classified as unsupported extensions, and you can configure the handling method in the 'Unsupported Extension Blocking Settings'. --- If no value is entered, it allows sanitization for all extensions. Input example) docx;xlsx; |
| Harmless Deactivation Block Extension Filter | Specify the extensions that block the import itself regardless of decontamination, separated by semicolons. Input example) docx;xlsx; |
| Setting Size Limits for Decontamination Processing | Specify the decontamination processing limit in megabytes. (Recommended: 100MB) Files exceeding the specified size are handled according to the 'Blocking Settings for Exceeding Decontamination Processing Size'. (for the purpose of preventing delays in decontamination due to large files or consumption of system resources) |
| Blocking settings when the decontamination processing size exceeds | Set whether to block the import of the file if its size exceeds the size limit set in 'De-identification Processing Size Limit Setting'. |
| Password Protected Document Processing Settings | Set the handling of documents with a password. Documents with set passwords are subject to decontamination restrictions and will be blocked or imported based on policy settings. |
| Password Protected Compressed File Handling Settings | Set the handling method for password-protected compressed files. Files with set passwords are restricted from being decontaminated and will be blocked or returned to the original based on policy settings. |
| Encryption File Processing Settings | Set the processing method for files encrypted with DRM. Encrypted files are blocked or imported in their original form according to policy settings due to restrictions on decryption processing. |
| Format Identification Unrecognized File Processing Settings | Set the handling method for cases where the file format cannot be verified. If the file is corrupted or encrypted in an unknown manner, making it impossible to analyze its internal structure, the sanitization process is limited and will be blocked or returned to the original based on policy settings. |
| Blocked settings for unsupported file extensions | Set the import status for extensions not supported by the service and extensions not included in the 'Allowed Extension Filter for Decontamination'. |
| Extension Spoofing Prevention Settings | If the extension does not match the actual file format, it is considered tampering, and the import status will be set accordingly. --- We recommend configuring blocking settings to verify the reliability of files and to prevent the infiltration of disguised malicious files. For example, if a file appears to have a docx extension but the actual format is exe, it is considered a tampered extension. |
| Setting File Path Length Exceed Block 여부 | Set the handling method for files that exceed the maximum path length allowed in the operating environment (the combined length of the folder path and file name). |
Input Rules and Precautions
- Input extension is
세미콜론(;)You must enter it exactly without spaces as a separator. - If you do not enter a value for the 'Allowed Extension Filter for Sanitization', it will be set to allow sanitization for all extensions.
- The 'harmful file extension' is blocked unconditionally, regardless of the allowed harmless extensions.
- When setting the file size, please configure it to an appropriate value considering system performance and the time required for decontamination processing.
- 'Extension spoofing' is an important policy to prevent attacks that exploit security vulnerabilities.
Notes
- This setting isCommonly applied to all file formatsYou can additionally set detailed policies for each individual format in the respective tabs (MS Office, PDF, etc.).
- After changing the settings, you can check the records and restore them in the [Policy Change History] tab.