SHIELDEX File Glossary
This document provides definitions and explanations of key technical terms used in the SHIELDEX File document.
Core Technology
| Terminology | Description |
|---|---|
| CDR (Content Disarm & Reconstruction) | It is a technology that identifies risks within document files (Disarm) and extracts only safe content to reconstruct the document (Reconstruction). The CDR technology does not simply isolate or delete files like a vaccine; instead, it identifies the risk elements within the file (e.g., macros, scripts, links, etc.) and selectively reconstructs a new file with only safe content. It can preemptively block various threats, including zero-day attacks, without the need for signature or behavior analysis. |
| Decontamination | It is the process of identifying risk factors within a file and reconstructing a new file by extracting only safe content. SHIELDEX File processes files to neutralize them through CDR technology, identifying risk factors and selectively reconstructing only safe content, thus preserving the core content of the original document, such as text, images, and layout. |
Security Terms
| Terminology | Description |
|---|---|
| Antivirus | This is security software that detects and removes malware. It uses a signature-based detection method to identify known malware patterns. Traditional antivirus solutions are vulnerable to unknown threats (zero-day attacks, mutated malware), and if detection fails, threats can infiltrate the system. SHIELDEX File operates not by detection but by identification, extraction, and reconstruction, overcoming these limitations. |
| sandbox | It is a form of security that operates in a protected area to prevent the system from being manipulated fraudulently. SHIELDEX File provides fast processing speed based on a high-performance decontamination engine without the sandbox execution process. Existing behavior-based detection is vulnerable to sandbox bypass techniques and makes it difficult to block threats before execution. |
| signature | It is an identifier used to identify unique code patterns or characteristics of malware. Existing signature-based detection methods are vulnerable to variant malware and zero-day attacks. SHIELDEX File does not use signature-based detection methods and identifies risk factors through CDR technology, extracting only safe content. |
| Zero-Day Attack | When a security vulnerability is discovered, it is an attack that occurs before a response plan for that vulnerability is established. CDR technology can proactively block various threats, including zero-day attacks, without signatures or behavior analysis. It identifies risk factors regardless of whether they are malicious and extracts only safe content to block the threat itself. |
| Zero Trust | It is a security approach that verifies without trust. CDR technology operates on a zero-trust basis, identifying risk factors and extracting only safe content, regardless of whether it is malicious. It always provides "clean results" without being affected by detection failures or bypass techniques. |
| Steganography | It is a technology that hides information in images or files. It detects and removes hidden malware in images to respond to steganography attacks. SHIELDEX File detects and removes hidden malware within image files. |
File-related Terms
| Terminology | Description |
|---|---|
| Macro | This is the auto-execution script code included in the document.VBAMacros can contain malicious code and pose a security threat. SHIELDEX File removes macros according to policy. |
| OLE (Object Linking and Embedding) | Objects such as other documents or executable files inserted within the document. OLE objects can contain malicious code and may pose a security threat. Depending on the policy, OLE objects can be removed or kept as exceptions. |
| hyperlink | This is a link that connects to external files, web addresses, etc. It can pose a security threat as it may link to malicious macros, external files, or web addresses. Hyperlinks may be removed according to policy. |
| ActiveX | Controls that enable interaction in documents. ActiveX controls can pose security threats as they may trigger the execution of malicious code. Depending on the policy, ActiveX controls can be removed or kept as exceptions. |
| DDE (Dynamic Data Exchange) | This feature allows automatic data exchange between documents. DDEAUTO enables automatic data exchange between documents, which can pose a security threat. Depending on the policy, DDEAUTO can be removed. |
| script | Executable code included in the document. Scripts in the document, such as JavaScript and VBA, may contain malicious code and pose a security threat. Scripts will be removed according to policy. |
| MIME type | An internet standard identifier that represents the actual format of a file. For example,application/pdfis a PDF file,application/vnd.openxmlformats-officedocument.wordprocessingml.documentrepresents a Word document. You can check for extension spoofing by comparing the file extension with the actual MIME type. |
| Extension Forgery | This is a case where the actual format of the file does not match the extension. For example, if the file extension appears as .docx but the actual format is .exe, it is considered a spoofed extension. This is an important policy to prevent attacks that exploit security vulnerabilities. |
| Forensic Data | This is the static property (Metadata) information of the file. It analyzes and provides technical/structural information included within the file, such as creation/modification history, production tools and versions, permission settings, document format, version, and number of pages. |
Technical Terms
| Terminology | Description |
|---|---|
| AES (Advanced Encryption Standard) | It is a symmetric key encryption algorithm adopted by the National Institute of Standards and Technology (NIST) in the United States. It is currently the most widely used encryption standard, supporting key lengths of 128 bits, 192 bits, and 256 bits. SHIELDEX File securely stores backup files by encrypting them with AES. |
| VBA (Visual Basic for Applications) | It is a programming language used in Microsoft Office applications. It provides automation features within documents, but it can contain malicious code, posing a security threat. The SHIELDEX File removes VBA macros according to policy. |
| CSV (Comma-Separated Values) | This is a text file in comma-separated values format. It is a standard format used for exchanging data between spreadsheet or database programs. The SHIELDEX File can export decontamination results or audit logs in CSV format. |
| JSON (JavaScript Object Notation) | A lightweight text-based format for exchanging data. It has a structure that is easy for humans to read and write, and easy for machines to parse and generate. The SHIELDEX File provides task logs in JSON format, which can be used for technical analysis or debugging. |
| IPv4 (Internet Protocol version 4) | The fourth version of the network layer protocol used on the internet. It uses a 32-bit addressing scheme and is represented in the form of, for example, 192.168.1.1. The SHIELDEX File manages an IP whitelist based on IPv4 addresses for access control to the administrator web console. |