Suggestion: Add "File Name" Category to "Allowlists"

Hello everyone,

Currently we have the opportunity to add files with specific names to the Denylist. It would be really helpful if this feature were also available with the “Allowlist”.
To give an example of what exactly I mean: Let’s say we have set up a policy which blocks all docx files, but we want to allow docx files with specific names. This feature would help us in this case.
A nice addition to this feature would be to be able to work with wildcards, like Andrew Mikhaliuk described in the other thread in this community, “Suggestion: Support for Wildcards in File Name Denylist Settings”.

Am I missing a way to realize the above-mentioned scenario? Would anybody else also like to have the File Name category in the Allowlist?

Thank you!

5 Likes

This is a good one! Logically, if there is a File Name Denylist feature, we should also expect a File Name Allowlist feature. So it’s a fair question, why is File Name Allowlist missing?

From a security standpoint, introducing a File Name Allowlist could create a significant risk, particularly from an insider threat perspective. It could open a black hole that malicious users or bad actors might exploit. One could hide large amounts of confidential data inside docx files and the EPP agent wouldn’t scan inside them because the file name is allowed. In my opinion, the risks outweigh the benefits.

My recommendation is to use the “Allowed File” feature. This method compares the hash of outgoing files against those stored in the server’s database, so it’s secure. However, I understand that this solution may not fit every customer’s needs.

If you think a File Name Allowlist feature would be helpful for your particular use case, and you are willing to accept the associated risks, feel free to open a feature request via the support portal and our Product Management team can review it.

Best,

Zoran

2 Likes
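The difference between the two approaches discussed above, as an added example that is not part of the original posts or the product's own code: a name-based decision never looks at content, while a hash-based decision is bound to it. The allowlist entries, file names, sample contents and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib
from fnmatch import fnmatchcase

# Constructed sample contents (illustrative only).
APPROVED_CONTENT = b"Quarterly newsletter template v3"
OTHER_CONTENT = b"constructed stand-in for unreviewed document content"

# Hypothetical policy data: a file-name allowlist with a wildcard, and a
# hash store holding the digest of the one reviewed file.
NAME_ALLOWLIST = ["newsletter_*.docx"]
HASH_ALLOWLIST = {hashlib.sha256(APPROVED_CONTENT).hexdigest()}


def allowed_by_name(file_name: str) -> bool:
    """Name-only decision: the content is never inspected."""
    lowered = file_name.lower()
    return any(fnmatchcase(lowered, pattern) for pattern in NAME_ALLOWLIST)


def allowed_by_hash(content: bytes) -> bool:
    """Content-bound decision: any change to the bytes changes the digest."""
    return hashlib.sha256(content).hexdigest() in HASH_ALLOWLIST


def evaluate(file_name: str, content: bytes) -> dict:
    """Return both decisions side by side for one outgoing file."""
    return {"name": allowed_by_name(file_name), "hash": allowed_by_hash(content)}


def name_only_exemptions(transfers):
    """Audit helper: files a name allowlist would exempt from scanning
    although their content was never reviewed (hash not in the store)."""
    return [name for name, content in transfers
            if allowed_by_name(name) and not allowed_by_hash(content)]


# Constructed transfer log: (file name, content) pairs.
SAMPLE_TRANSFERS = [
    ("newsletter_may.docx", APPROVED_CONTENT),
    ("Newsletter_June.docx", OTHER_CONTENT),
    ("report.docx", OTHER_CONTENT),
]

if __name__ == "__main__":
    for name, content in SAMPLE_TRANSFERS:
        print(name, evaluate(name, content))
    print("review needed:", name_only_exemptions(SAMPLE_TRANSFERS))
```

The audit helper shows the gap as a reviewable list: every entry is a file that a name rule would skip while its content has no approved hash.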

Hello Zoran,

I don’t really understand the security point, because that is the whole point of Allowlists. That’s the same with “MIME Types”, “File Location”, “Network Share”, “Email-Domain”. Here you are actively accepting the risk of data loss when you have an Allowlist configured.

Ok got it, thank you very much for your reply!

2 Likes

Hi Edv,

The Email domain allowlist is typically used to whitelist the company’s internal email domain. This will allow users to send any type of data to internal recipients. Since the data doesn’t leave the organization, it won’t cause a data breach.
Similarly, the Network Share Allowlist can be used to whitelist internal file servers for certain computers, while blocking data uploads to all other Network Shares.

In my opinion, the key difference is that some allowlists, like Email Domain and Network Share, pose minimal risk, whereas others, like a File Name Allowlist, could introduce significant security gaps and increase the potential for massive data breaches.

From my perspective, a File Name Allowlist feature would be high risk, but that doesn’t mean it’s not a valid request.

Cheers,
Zoran

1 Like