Content rule templates

Content rules are applied to policy routes to provide specific instructions about what the security policy is looking for, and what to do when it triggers. When you create a content rule, you must select a Content Rule Template on which to base your rule.

Content rules look for conditions that match the What To Look For? clauses and apply the What To Do? actions that have been configured.

Choose your content rule template carefully, as it determines which What To Look For? clauses are included.

  You can change the suggested What To Do? actions and add additional actions if required.

Secure Web Gateway provides the following Content Rule templates:

Template What the rule does... What to Look For? clauses Default Disposal/Primary Action
All Traffic Allows all traffic. Always Trigger the Rule Deliver/Continue
Analyze Properties Analyzes document properties for specific lexical expressions. Analyze Properties, Which Media Types, Size Restriction Deliver/Continue
Check Registered Data

Detects data that has been registered on the Information Governance Server.

Which Media Types, Classification LevelClosed The Classification Level specifically relates to values that are assigned to items that have been registered on an IG Server. The disposal action will trigger where content passing through the Gateway is matched to content registered on the IG Server, and where the Classification level for the item as set on the IG server is equal or exceeds the level set on the Gateway. If this value is set to 0 on your Gateway, matches to any IG registered items will trigger the disposal action., Direction To Apply, Scan text extracted from images (OCR)

 Deliver/Continue
Detect Active Content Detects active content (such as macros) in selected media types. Which Media Types Deliver/Continue
Detect Filenames

Detects and processes selected filenames based on Filename Lists.

Note: If you don't want to block web-content based on the extension, for example, .com and .dll extensions, you should use the Detect Media Types content rule instead. This is especially applicable to the Class 1 file extension policy rule.

Filename, Direction To Apply Deliver/Continue
Detect Lexical Expression

Detects and processes unacceptable lexical expressions in selected media types.

Note: If you want to scan scripts in the content, select the Scan Embedded Script option and use the Which Media Types clause to include a selection of media types.

 Lexical Expression, Which Media Types, Size Restriction, Direction To Apply, Scan text extracted from Images (OCR) Deliver/Continue
Detect Malformed Data Detects content containing 'bad', corrupted, or malformed data. Which media types Hold in the Message Processing Failure area/ Allow the communication
Detect Media Types

Detects and processes selected media types.

Note: If you don't want to block web-content based on the extension, for example, .com and .dll extensions, you should use this rule and not the Detect Filenames rule. This is especially applicable to the Class 1 file extension policy rule.

Which Media Types, Size Restriction Filename, Direction To Apply Deliver/Continue
Detect Spyware Call Home Detects spyware attempting to call home from inside the organization. Spyware Call Home Allow the communication
Detect Tracking Cookie Detects cookies that track spyware. Tracking Cookie Detection Allow the communication
Detect Virus Detects viruses and Malware Virus Detection

Continue to next rule (if detected)

Continue to next rule (if unsuccessful)
Download Size Restriction Applies a user-specified limit to the size of files that can be downloaded. Download Size Restriction Of Allow the communication
Processing of request or response fails Detects request or response failures of the policy engine. Request or response has failed to be processed Allow the communication
Redact Text

Detects unacceptable lexical expressions in selected media types. Attempts to redact content.

 Lexical Expression, Which Media Types, Size Restriction, Bypass Rule, Scan text extracted from Images (OCR), Direction To Apply

Deliver/Continue (if successful)

Block for Redaction Failure (if unsuccessful)
Remove Tracking Cookie Detects and removes spyware-tracking cookies. Tracking Cookie Detection Remove the cookie
Run External Command Runs an executable program that performs processing on a file type that the Gateway does not support by default. Which Media Type, Run External Command

Continue to next rule (if detected)

Continue to next rule (if modified)
Safe Search Filtering Removes explicit or unacceptable content from search engine results. Search Request Detection Filter explicit images and video from search site results
Sanitize Active Content Detects active content (such as macros) in selected media types. Attempts to sanitize content. Which Media Types, Bypass Rule, Direction To Apply

Deliver/Continue (if successful)

Block for Active Content Sanitization Failure (if unsuccessful)
Sanitize Document Content Detects metadata and document properties in selected document areas and selected media types. Attempts to sanitize content. Which Media Types, Bypass Rule, Contains Any Of The Following, Direction To Apply

Deliver/Continue (if successful)

Block for Document Sanitization Failure (if unsuccessful)
Size Bypass Excludes content scanning of file transfers that are larger than a user-specified restriction. Data Transfer Restriction Bypass content checks
Structural Validation

Checks for appended data in certain format types.

Note: Due to the use of validation images, Structural Validation in not supported for MSN Hotmail.

 Always Trigger the Rule Deliver/Continue

See also...

 

References to Email policy content are only available when an Email Gateway is included in the peer group.