icon-zia.svg
Secure Internet and SaaS Access (ZIA)

Recommended File Type Control Policy

When configuring the File Type Control policy, Zscaler recommends using:

  • Caution action for Executable downloads from websites under any URL category
  • Block action for Executable uploads to websites under any URL category

If you have Advanced Sandbox, you can configure your Sandbox policy to quarantine executable downloads for the first-time action.

Depending on your corporate policy, you can also add additional rules to block downloads from specific URL categories, such as Adult Material, Drugs, Gambling, Illegal or Questionable, Militancy/Hate and Extremism, Tasteless, Violence, and Weapons/Bombs, etc.

Example File Type Control Rules

The following are examples of the File Type Control policy rules that Zscaler recommends:

File Type Control Rule #1

  • Rule Order: 1
  • Rule Status: Enabled
  • File Types: Executable
  • URL Categories: Any
  • Users: Any
  • Groups: Any
  • Departments: Any
  • Locations: Any
  • Location Groups: Any
  • Time: Always
  • Protocols: Any
  • Action: Caution
  • Upload/Download: Download

File Type Control Rule #2

  • Rule Order: 2
  • Rule Status: Enabled
  • File Types: Select all file types
  • URL Categories: Any
  • Users: Any
  • Groups: Any
  • Departments: Any
  • Locations: Any
  • Time: Always
  • Protocols: Any
  • Action: Allow
  • Upload/Download: Download
Related Articles
About File Type ControlConfiguring the File Type Control PolicyRecommended File Type Control Policy