SharePoint File Filtering in ForeFront

The Forefront Security for SharePoint file filter feature gives you the ability to filter files with a specific type, extension, or names. Like in keyword filter feature, as we have explored in my previous article, the file filter can be configured to perform actions on the file such as delete, quarantine, notify, and report the detected file. A demonstration video is available for download in a limited number of days.

1.      Let us start by opening out ForeFront Server Security Administrator. In the shuttle navigator let us click Filtering, and then the File icon. Below is the illustration.

1.      In the upper pane of the File Filtering window, for demonstration purposes, let us select SharePoint (Manual Scan Job).

2.      In the File Names pane let us click Add, then type “*.docx”, and the press enter.

Electively, we can configure to filter files based on their size by specifying the size in kilobytes, megabytes, or gigabytes. Example: *.doc=>150KB.

3.      A .docx file may not have an OPENXML file type. In the File Types list box, ForeFront has provided us the facility to specify the file type associated to the selected File Name. For demonstration purposes, let us check the All Types checkbox at the bottom of the File Types list.

4.      Let us make sure that the File Filter is set to Enabled. And then, for our purpose, let us set the Action to Skip: Detect Only.

In my previous piece, I have briefly described the various Action options we could set for our filter.

5.      Let us uncheck the Send Notification and check the Quarantine Files option. And to confirm the configuration, let us click Save.  Below is the illustration.

To check the filter we have defined, let us create a Word document, and then upload it in a document library in our SharePoint site. Subsequently, let us open our ForeFront Server Security Administrator, and in the Operate shuttle navigator, let us click the Quick Scan icon. Select the corresponding Web application in the explorer pane, select corresponding File Scanners, set the Bias field to Favor Certainty - notwithstanding that it is not used in file filtering, and the Action field to Skip: Detect Only. Lastly, uncheck the Send Notifications option, and check the Quarantine Files. Below is the illustration.

In my previous blog, I have tried to tabulate the possible Bias settings.

And there we go! Let us just click the Run button and the malicious document we have uploaded will be detected and it will be logged in the Quarantine under the Report shuttle navigator.

Hoping this piece would help.