Inspecting fingerprints within archives

Suppose DeviceLock Service has the Archives content inspection on read and/or Archives content inspection on write parameter enabled. In this case, when applying content-aware rules to archive files, DeviceLock Service applies them to each file found in the archive (see the Inspection of files within archives feature description). However, it may skip inspecting fingerprints of files within an archive if it has detected an exact match of the archive file with a source file of a certain fingerprint from the database.

Consider the following scenario:

•A Digital Fingerprints content group has the Exact file match option enabled (see Dialog box for configuring a Digital Fingerprints group).

•A rule uses that group to inspect an archive file, and detects that the check sum of the archive file matches the check sum of a certain fingerprint source file found in the database.

In this scenario, DeviceLock Service applies the rule to the archive file without inspecting fingerprints of files within the archive. The entire archive would be allowed or denied in accordance with the rule settings.

However, if the check sum of the archive file does not match the check sum of any fingerprint source file, then DeviceLock Service would apply the rule to each file within the archive. In case of an “allow” rule, the archive is allowed if the rule allows each file within the archive; in case of a “deny” rule, the entire archive is denied if the rule denies at least one file within the archive.