Skip to main content
Skyhigh Security

DLP File Processing

By default, the maximum file limit for a full content scan is 50 MB. If you have purchased the Advanced DLP SKU plan, you can scan large files up to 250 MB. If you wish to increase your file size limits, contact Skyhigh Security Support.

If a scan submitted exceeds the size limit configured for the tenant, the scan engine will attempt to perform a metadata-only scan of the truncated scan payload up to the specified limit. During this scan, only those classifications that rely solely on file details such as file name, extension, and size will be scanned. However, Content Scan will not be performed, which includes EDM, IDM, and other similar operations.

For example, suppose a 60 MB PDF file is submitted for scanning, but the tenant size limit is only 50 MB. In such a case, only the first 50 MB of the file will be scanned if any file information or true file type classifications are involved in the scan. However, if all classifications involve content scanning, no scanning will be performed on the file since scanning is not possible under such circumstances.

NOTE: The large file processing rule doesn't apply to metadata scanning, except for true file type detection. True file type criteria check for files larger than 50 MB  in conjunction with large file scanning.

Large File Processing in CASB and Web DLP

Sanctioned Apps DLP File Processing (CASB)

By default, the user can set a file size limit of up to 50 MB. If you have purchased the Advanced DLP SKU plan, you can set a file size limit of up to 250 MB. If the file is between these limits, it will be sent for DLP scanning. The file size limit cannot be increased beyond the provisioned value.

For Data Identifiers and Keywords, only the first 30 MB are scanned for DLP content, however, malware scanning will be performed on any files up to 250 MB.

For classifications, files up to 250 MB are scanned for DLP content.


NOTE: Certain CSPs do not provide file metadata. These files may be retrieved and sent over to the classification service which will then perform a truncated scan.

clipboard_ebc4ea4dde958be9692e70d0126787a33.png

Web DLP File Processing

By default, the user can set a file size limit of up to 50 MB. If you have purchased the Advanced DLP SKU plan, you can set a file size limit of up to 250 MB. If the file is below this limit, it will be sent for DLP scanning by the Web DLP module. The file size limit cannot be increased beyond the provisioned value.
clipboard_e3cfb52cc3cc44f327352e77aba05a46a.png

Partial Content Scan in Large File Processing

Legends used in the tables:  accept.png  Identified    remove.png  Unidentified 
Files

Scanning of different file types for the on-demand web services protocol, the following behavior can be expected.

File Type File Name/Extension File Size True File Type
PDF                accept.png         accept.png              accept.png
RTF                accept.png         accept.png              accept.png
MP4                accept.png         accept.png              accept.png
DOCX/DOC                accept.png         accept.png              remove.png
XLSX/XLS                accept.png         accept.png              remove.png
XLSB                accept.png         accept.png              remove.png
Document Inside Archives

Scanning for files inside large archives such as zip or tar is more complicated. In such circumstances, the following behavior can be expected.

File Type File Name / Extension File Size True File Type
PDF inside tar archive (truncated during PDF)                   accept.png       remove.png           accept.png
PDF inside tar archive (truncated after PDF)                   accept.png       accept.png           accept.png
PDF inside zip archive (truncated during PDF)                   remove.png       remove.png           remove.png
PDF inside zip archive (truncated after PDF)                   remove.png       remove.png           remove.png
PDF inside rar archive (truncated during PDF)                   remove.png       remove.png           remove.png
PDF inside rar archive (truncated after PDF)                   accept.png       accept.png           accept.png
PDF inside 7z archive (truncated during PDF)                   remove.png       remove.png           remove.png
PDF inside 7z archive (truncated after PDF)                   remove.png       remove.png           remove.png
  • Was this article helpful?