FilePolicy

Description

A file policy is a set of configurations that the system uses to perform malware protection and file control, as part of your overall access control configuration. This association ensures that before the system passes a file in traffic that matches an access control rule’s conditions, it first inspects the file (Note: The field level constraints listed here might not cover all the constraints on the field. Additional constraints might exist.)

Supported Operations

Model Properties

Property Required Type Description
version False string A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected.
name True string Name of the File Policy. It must match pattern (^[a-zA-Z0-9_]$)|(^[a-zA-Z0-9_][ a-zA-Z0-9_.+-]*[a-zA-Z0-9_.+-]$). (Note: Additional constraints might exist)
description False string File policy description
Field level constraints: length must be between 0 and 200 (inclusive), must match pattern ^[a-zA-Z0-9_][ a-zA-Z0-9_.,+-]*. (Note: Additional constraints might exist)
firstTimeAnalysis False boolean A Boolean value, TRUE (the default) or FALSE. Specify TRUE to store and locally analyze files that have not been seen before (that have an Unknown status), while the AMP cloud disposition is pending. The file must match a rule configured to perform a malware cloud lookup and Spero, local malware, or dynamic analysis. Specify FALSE to conserve storage and processing resources, and have these files marked with the Unknown disposition
enableCustomDetectionList False boolean A Boolean value, TRUE (the default) or FALSE. Specify TRUE to block all files on the custom detection list. If you specify FALSE, the custom detection list is ignored even if you configure one
enableCleanList False boolean A Boolean value, TRUE (the default) or FALSE. Specify TRUE to allow all files on the clean list. If you specify FALSE, the clean list is ignored even if you configure one
inspectArchives False boolean A Boolean value, TRUE or FALSE (the default). Specify TRUE to enable the inspection of the contents of archived files that are within the maximum file size for storing files, as defined in the advanced access control settings
blockEncryptedArchives False boolean A Boolean value, TRUE or FALSE (the default). Specify TRUE to block files if the contents are encrypted
blockUnInspectableArchives False boolean A Boolean value, TRUE (the default) or FALSE. Specify TRUE to block the archive file if it cannot be inspected for any reason other than encryption. For example, corrupted files or nested files that exceed your maximum archive depth
maxArchiveDepth False integer An integer, 1-3, the default is 2. The maximum number of nested archives that can be scanned. The top-level archive file is not considered in this count, so 1 refers to the level of the first nested file
Field level constraints: must be between 1 and 3 (inclusive). (Note: Additional constraints might exist)
isSystemDefined False boolean A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that the system created the object. FALSE indicates that the object is user-defined
id False string A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object.
Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
type True string A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.