Blocking Outbound UTF-8/UTF-16 Encoded Files

Blocking Outbound UTF-8/UTF-16 Encoded Files

Native Unicode UTF-8 and UTF-16 support by Application Control allows encoded multi-byte characters, such as Chinese or Japanese characters, to be entered as match object content keywords using the alphanumeric input type. Application Control supports keyword matching of UTF-8 encoded content typically found in Web pages and email applications, and UTF-16 encoded content typically found in Windows OS/Microsoft Office based documents.

Blocking outbound file transfers of proprietary Unicode files over FTP is handled in the same way as blocking other confidential file transfers.

To create a policy that blocks outbound UTF-8/UTF-16 encoded files:

1

Navigate to Firewall > Match Object.

2

Click Add New Match Object. The Add/Edit Match Object dialog displays.

3

Create a match object that matches on UTF-8 or UTF-16 encoded keywords in files.

For example, a match object type of File Content with a UTF-16 encoded Chinese keyword that translates as “confidential document.”

4

5

Navigate to Firewall > App Rules.

6

Click Add New Policy. The Edit App Control Policy dialog displays.

7

Create a policy that references the match object and blocks transfer of matching files, blocks the file transfer, and resets the connection. Select Enable Logging so any attempt to transfer a file containing the UTF-16 encoded keyword is logged.

8

A log entry is generated after a connection Reset/Drop, including the Message stating that it is an Application Control Alert, displaying the Policy name and the Action Type of Reset/Drop; for example: