Endpoint monitoring includes the ability to monitor and ignore files according to file type. Beginning with Data Loss Prevention 12, the DLP Agent for Windows can filter specific types of files to monitor based on file signature data, also known as the true file type. File signature data, generally a short sequence of bytes at the beginning of the file, is used to identify or verify the file type.
Note: Filtering on the DLP Agent for Mac occurs using the file extension only; true file type filtering is not supported on the Mac.
Because the DLP Agent for Windows can filter based on the true file type, the agent can correctly identify and filter files that have file extensions that do not match the original file extension. For example, if a user changes the .doc file name extension to .jpg, the agent can identify the file based on its signature as a DOC file, and either monitor or ignore it based on the agent configuration filter.
Note: Text files (.txt) do not contain file signature data; consequently, the agent can only monitor or ignore these types of files based on the file extension. True type filtering is not possible for .txt files.
You can find information about filtering on the agent in the "Working with agent configurations" chapter of the Symantec Data Loss Prevention Administration Guide 14 at http://www.symantec.com/docs/DOC8734.
The following table lists the file types and corresponding extensions that the DLP Agent for Windows can filter using true file type filtering.