File filters

File filters target the actual executable that is being run, with numerous sub types targeting different aspects of executables.

Types of File Filters include:

  • Application Compatibility Filters - These filters are used to detect administrative privileges that may be required.
  • Drive Type Filters - These are filters that are used to specify a drive type.
  • Executable Filters - These filters specify executables that are commonly used, such as - Instant Messaging applications, web browsers, mail clients, etc.
  • Executable Headers Filters - Filter based on an executable header attributes.
  • File Owner Filters - Filter based on the owner of the file.
  • File Specification Filters - These filters use the location of the executable for filtering.
  • File Type Filters - These filters use the extension or MIME type to filter.
  • Manifest Present Filter - These filters test whether an executable has a security manifest.
  • Security Catalogs Filter - These filters use the security catalogs to filter.

 

Drilldown to specific dynamic filter types

File filters

Application Compatability

Description

 

You can use or create these filters to filter by whether or not administrative privileges are required.

Drive Type

Description

 

You can use or create these filters for what type of media or where an application is launched from.

Executable Filters

Description

Instant Messaging Applications -

  • AOL Instant Messenger
  • Google Talk
  • MSN Messenger
  • Skype
  • Trillian
  • Windows Messenger
  • Yahoo! Messenger

You can apply security policies to any of the listed Instant Messaging applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can:

  • Enter a filter name and description.
  • Enter a File name and File path in the fields provided.
  • (Optional) Click Include subdirectories to filter them also.
  • Enter Win32 Executable File Information:
    • Internal Name
    • Original file name
    • File version
    • Product name
    • Product version
    • Company name

Internet Browsers - 

  • Firefox
  • Internet Explorer

You can apply a security policy to the listed Internet applications. You can configure it the same as Instant Messaging Applications, above.

Mail Clients - 

  • Eudora
  • Outlook Express

You can apply a security policy to the listed mail applications. You can configure it the same as Instant Messaging Applications, above.

Media Players - 

  • iTunes
  • Microsoft Windows Media Player
  • QuickTime
  • RealPlayer
  • Winamp

You can apply security policies to the listed Media Player applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can configure them the same as Instant Messaging Applications, above.

MS Office Suite - 

  • MS Access
  • MS Excel
  • MS FrontPage
  • MS Outlook
  • MS Word
  • Microsoft Installer Filer Filter
  • Win32 Executables Discovered in the Last Week

You can apply security policies to the listed Microsoft Office Suite applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can configure them the same as Instant Messaging Applications, above.

Executable Headers

Description

 

You can use these to filter an executable filter by type based on it's header.

File Owner

Description

 

You can use these filters to specify if an application should or should not be launched based on who the owner is.

File Specifications

Description

 

You can use these filters to use the Default File Specification.

File Types

Description

 

You can use these filters to specify the extension of a file or MIME type to filter.

Manifest

Description

 

You can use these filters to filter programs that manifest administrative rights are needed.

Security Catalogs

Description

 

You can use these filters to filter programs based on if they are found in the Security catalog.