Files transferred over a socket communication do not remain encrypted
Last Modified: 2022-09-09 19:49:52 Etc/GMT
Technical Articles ID: KB68994
Environment
Files and Removable Media Protection (FRP) 5.x
For FRP supported environments, see KB81149 - Supported platforms for File and Removable Media Protection.

Problem
If you transfer encrypted files over a socket communication (for example, FTP or HTTP), the files are uploaded in a decrypted state by default.

Solution
This behavior is expected. The FRP file filter driver acts transparently to whatever application is calling the file. By default, no distinction is made between an FTP application and a word processor application calling a file from the file system.

To address this, FRP uses Blocked Processes. When an application's process name is listed as Blocked in the FRP policy, files are not decrypted for that application when it calls them. Instead, the files are given in an encrypted state.

NOTES: