DLP File Processing
By default, the maximum file limit for a full content scan is 50 MB. If you have purchased the Advanced DLP SKU plan, you can scan large files up to 250 MB. If you wish to increase your file size limits, contact Skyhigh Security Support.
If a scan submitted exceeds the size limit configured for the tenant, the scan engine will attempt to perform a metadata-only scan of the truncated scan payload up to the specified limit. During this scan, only those classifications that rely solely on file details such as file name, extension, and size will be scanned. However, Content Scan will not be performed, which includes EDM, IDM, and other similar operations.
For example, suppose a 60 MB PDF file is submitted for scanning, but the tenant size limit is only 50 MB. In such a case, only the first 50 MB of the file will be scanned if any file information or true file type classifications are involved in the scan. However, if all classifications involve content scanning, no scanning will be performed on the file since scanning is not possible under such circumstances.
NOTE: The large file processing rule doesn't apply to metadata scanning, except for true file type detection. True file type criteria check for files larger than 50 MB in conjunction with large file scanning.
Large File Processing in CASB and Web DLP
Sanctioned Apps DLP File Processing (CASB)
By default, the user can set a file size limit of up to 50 MB. If you have purchased the Advanced DLP SKU plan, you can set a file size limit of up to 250 MB. If the file is between these limits, it will be sent for DLP scanning. The file size limit cannot be increased beyond the provisioned value.
For Data Identifiers and Keywords, only the first 30 MB are scanned for DLP content, however, malware scanning will be performed on any files up to 250 MB.
For classifications, files up to 250 MB are scanned for DLP content.
NOTE: Certain CSPs do not provide file metadata. These files may be retrieved and sent over to the classification service which will then perform a truncated scan.
Web DLP File Processing
By default, the user can set a file size limit of up to 50 MB. If you have purchased the Advanced DLP SKU plan, you can set a file size limit of up to 250 MB. If the file is below this limit, it will be sent for DLP scanning by the Web DLP module. The file size limit cannot be increased beyond the provisioned value.
Partial Content Scan in Large File Processing
Legends used in the tables:  Identified  Unidentified |
Files
Scanning of different file types for the on-demand web services protocol, the following behavior can be expected.
| File Type | File Name/Extension | File Size | True File Type |
|---|---|---|---|
| |
|
|
|
| RTF | |
|
|
| MP4 | |
|
|
| DOCX/DOC | |
|
|
| XLSX/XLS | |
|
|
| XLSB | |
|
|
Document Inside Archives
Scanning for files inside large archives such as zip or tar is more complicated. In such circumstances, the following behavior can be expected.
| File Type | File Name / Extension | File Size | True File Type |
|---|---|---|---|
| PDF inside tar archive (truncated during PDF) | |
|
|
| PDF inside tar archive (truncated after PDF) | |
|
|
| PDF inside zip archive (truncated during PDF) | |
|
|
| PDF inside zip archive (truncated after PDF) | |
|
|
| PDF inside rar archive (truncated during PDF) | |
|
|
| PDF inside rar archive (truncated after PDF) | |
|
|
| PDF inside 7z archive (truncated during PDF) | |
|
|
| PDF inside 7z archive (truncated after PDF) | |
|
|