SquareX publishes research on attacks that completely bypass Secure Web Gateways at DEF CON’32. Read More

SquareX Uncovers Critical Vulnerabilities in Top Webmail. Providers. Read More

✨ SquareX has raised a USD 6M seed from Sequoia Capital SEA. Read More

Home / Use cases / Suspicious Files

Suspicious Files

Files originating from untrusted sources, and even sometimes from trusted ones, is an attack vector for enterprises. For example, the HR department receives numerous resumes from candidates, and an attacker can easily pose as a candidate to infiltrate the organisation. Similarly, if an employee's account is hacked and used to send unusual files, it can lead to further compromise within the organisation. Blocking all such files indiscriminately can hinder business operations.

Enterprises need a way to segregate malicious, suspicious, and benign files, and SquareX facilitates this effectively. With SquareX, enterprises can create granular policies based on file properties (such as the presence of macros, level of recursion in zip files, etc.) and their origin (such as the sender, referrer, number of redirects, etc.). Additionally, SquareX’s in-browser file analysis engine provides insights on suspicious files, allowing enterprises to make informed decisions and maintain a high level of security without disrupting essential business functions.

Block download of files with file type mismatch

Attackers often evade security solutions by altering file extensions and sending malicious files via email or other communication channels. These platforms, optimised for delivery, typically do not perform in-depth file scanning, allowing potentially harmful files to slip through. SquareX detects signs of file tampering to ensure that such files do not reach the user’s device. For instance, files with mismatched types can disguise malicious content such as .exe as more 'harmless' PDF files. Blocking these downloads prevents users from opening harmful files that appear benign. Using the policy generating copilot, admins can prompt ‘Block Download of Files with File Type Mismatch’ to generate the appropriate policy. The expected outcome would be:

Block download of files more than 2GB in size

If your enterprise's endpoint security solutions have limitations on the file size that it can scan effectively, admins can consider creating a policy to block file download of files that exceed the scanning limit. To do so, they can prompt ‘Block Downloads of Files Larger than 2GB’. The outcome will be: