Inspecting fingerprints within archives
Suppose DeviceLock Service has the
Archives content inspection on read and/or
Archives content inspection on write parameter enabled. In this case, when applying content-aware rules to archive files, DeviceLock Service applies them to each file found in the archive (see the
Inspection of files within archives feature description). However, it may skip inspecting fingerprints of files within an archive if it has detected an exact match of the archive file with a source file of a certain fingerprint from the database.
Consider the following scenario:
•A rule uses that group to inspect an archive file, and detects that the check sum of the archive file matches the check sum of a certain fingerprint source file found in the database.
In this scenario, DeviceLock Service applies the rule to the archive file without inspecting fingerprints of files within the archive. The entire archive would be allowed or denied in accordance with the rule settings.
However, if the check sum of the archive file does not match the check sum of any fingerprint source file, then DeviceLock Service would apply the rule to each file within the archive. In case of an “allow” rule, the archive is allowed if the rule allows each file within the archive; in case of a “deny” rule, the entire archive is denied if the rule denies at least one file within the archive.