Allow Content and Scan Containers Explanation


This article applies to:

  • SWG Versions 8.5.0, 9.0, 9.2.0, 9.2.5, and 10.0

Question:

  • What is meant by the Advanced Action "Allow content and Scan containers" when used in conjunction with “Allow” when creating a new rule in a policy?

Information:

When creating a rule in any policy there is the ability to "Allow", but this action can have different methods attached to it using “Advanced Action”. One method specifically is "Allow Content and Scan Containers".

The first part to clarify is that a "Container" in SWG jargon stands for a super-set of compressed archives such as ZIP, RAR, TAR, CAB, BZIP2 and GZIP, plus other formats which are not archives specifically, such as MIME containers (used in email format and for HTML form files, as well as for 'whole page save' in IE, which saves to an .MHT file) or CHM containers (compressed HTML help files, used by MS products).

What happens when using the "Allow content and Scan containers" Advanced Action:

When content reaches a rule whose "Action" is "Allow content and Scan Containers", Policy evaluation stops on this rule (meaning no more rules will be used to evaluate that page after the current rule). If the content is a container, however, the system will extract all the items held in the container. The scanner will then evaluate every file in the container using the Policy that has been assigned to that user until the evaluation is complete.

Where the content is not an archive or container (as would be the case with most web content) the action is simply equivalent to “Allow” without any further scanning.
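The behaviour described above can be modelled in a few lines. This is an added example, not Trustwave code: the rule names, the conditions, the action strings, ZIP as the only container type and the nesting limit are all assumptions made for illustration.

```python
import io
import zipfile

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def is_container(data):
    # Only ZIP is modelled; the article also lists RAR, TAR, CAB, MIME, CHM and others.
    return zipfile.is_zipfile(io.BytesIO(data))

def policy(first_action):
    # Hypothetical ordered policy: (rule name, condition, action); first match wins.
    return [
        ("archives", lambda n, d: is_container(d), first_action),
        ("executables", lambda n, d: n.lower().endswith(".exe"), "block"),
        ("default", lambda n, d: True, "allow"),
    ]

def evaluate(name, data, rules, depth=0, max_depth=5):
    """Return [(item, action, rule)] for the item and, where scanned, its members."""
    for rule, cond, action in rules:
        if not cond(name, data):
            continue
        # Evaluation of this item stops at the first matching rule.
        results = [(name, action, rule)]
        if action == "allow_scan_containers" and is_container(data) and depth < max_depth:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    # Each extracted item is evaluated against the whole policy again.
                    results += evaluate(f"{name}/{member}", zf.read(member),
                                        rules, depth + 1, max_depth)
        return results
    return [(name, "allow", None)]  # assumption: nothing matched, so allow

# Constructed sample: an archive holding a text file, an executable and a nested archive.
INNER = make_zip({"payload.exe": b"MZ constructed"})
SAMPLE = make_zip({"readme.txt": b"hello", "setup.exe": b"MZ constructed", "inner.zip": INNER})

if __name__ == "__main__":
    for row in evaluate("bundle.zip", SAMPLE, policy("allow_scan_containers")):
        print(row)
```

With a plain "allow" on the first rule the archive is passed without its members ever being looked at; with the scan-containers variant the same archive is still allowed at that rule, but each extracted file is checked against the later rules.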

 


Last Modified 2/17/2012.
https://support.trustwave.com/kb/KnowledgebaseArticle14058.aspx