
DEEP FILE INSPECTION POLICY

URL Deep File Inspection Policy Settings

[POLICY] > (Select Domain Group) > [SET POLICY] > URL POLICY > (Select URL) > [DEEP FILE INSPECTION]

This policy inspects the integrity of files stored on the server. DeepFinder stores the hash value and size of each file and detects when an attacker modifies the source code or changes the file size.

Deep File Inspection Policy Settings

Configuration and Operation Method

An initial learning period is required to effectively operate the Deep File Inspection policy.

  1. Initial Learning (Baseline Setup):

    • When applying the policy for the first time, set the action to ALLOW or NONE.
    • During this period, DeepFinder collects the hash values and size information of normal files in the specified directory to build a database.
    • Recommended Learning Period: Depending on the server environment, an operation period of about 1 week may be required until all normal file information is updated.
  2. Security Application (Blocking):

    • After the collection of normal file information is complete, change the action to DENY.
    • Subsequently, if file tampering (source modification, malicious code insertion, etc.) occurs, it is immediately detected and access to the corresponding file is blocked.
  3. Inspection Target Settings:

    • You can select the file type (Extension Group, e.g., TEXT, IMAGE, etc.) to inspect on the settings screen.
    • When settings are complete, click the [SAVE] button on the top right to apply.

Major Inspection Items

| Item | Description |
|------|-------------|
| File Tampering Inspection | Inspects whether the content or size of an existing file has changed. (Detects webshell insertion, malicious script injection, etc.) |
| New File Creation Inspection | Detects the creation of new files unintended by the administrator in the corresponding path. (Detects actions such as an attacker creating a backdoor) |
| TARGET | Specifies the file format to perform inspection on. (e.g., TEXT, etc.) |
| ACTION | Selects the action to take upon detection of tampering or new creation. (NONE / ALLOW / DENY / REDIRECT / DETECT) |
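
The baseline-then-compare model described above can be sketched as follows. This is an added example, not DeepFinder's own code: the SHA-256 algorithm, the suffixes in `TEXT_GROUP` and all function names are assumptions, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

# Assumption: a "TEXT" extension group maps to these suffixes (illustrative only).
TEXT_GROUP = {".php", ".html", ".js", ".txt"}

def fingerprint(path):
    """Return (sha256 hex digest, size in bytes) for one file."""
    digest = hashlib.sha256()  # Assumption: the page does not name the hash algorithm.
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return digest.hexdigest(), size

def scan(root, extensions=TEXT_GROUP):
    """Map each relative path under root (filtered by extension) to its fingerprint."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in extensions:
                full = os.path.join(dirpath, name)
                result[os.path.relpath(full, root)] = fingerprint(full)
    return result

def inspect(baseline, current):
    """Compare a later scan with the learned baseline."""
    tampered = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    created = sorted(p for p in current if p not in baseline)
    return {"tampered": tampered, "new": created}

def demo():
    """Constructed sample: learn a baseline, then modify one file and add another."""
    with tempfile.TemporaryDirectory() as root:
        index = os.path.join(root, "index.php")
        with open(index, "w") as fh:
            fh.write("<?php echo 'hello'; ?>")
        baseline = scan(root)                      # learning phase
        with open(index, "w") as fh:
            fh.write("<?php echo 'HELLO'; ?>")     # same size, different content
        with open(os.path.join(root, "extra.php"), "w") as fh:
            fh.write("<?php // unexpected file ?>")
        with open(os.path.join(root, "logo.png"), "wb") as fh:
            fh.write(b"\x89PNG")                   # outside the TEXT group, ignored
        return inspect(baseline, scan(root))

if __name__ == "__main__":
    print(demo())
```

The modified `index.php` keeps its original size, so only the hash comparison catches it; a size-only check would miss that change.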