Worked through the process to create a Data Transfer via Gatelet Policy, chose the Action Upload segment, and configured it to Block File, yet the process failed to block the upload to Office 365 following the Reach Agent Block warning in CloudSOC (CSOC).
Confirmed that Office 365 handles file uploads outside the normal processes, so the file cannot be blocked by the Gatelet Policy.
Further clarification: Office 365 makes two requests when a file is uploaded, as follows:
1. Upload process creates an empty “place-holder” file
2. Upload process creates a container file to hold the upload content
Following these O365 processes, CSOC processes perform content analysis on the content file, which triggers the Block File action and blocks the file based on the CSOC Policy configurations.
However, when CSOC performs content analysis, the first request gets created, which is nothing but an empty file with the same name. It is this secondary place-holder file that cannot be blocked, as it does not meet the content criteria outlined in the CSOC Policy.
This is currently being reviewed by Symantec Corp for supportability in a future CloudSOC release.
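The two-request behaviour described above means a blocked upload can still leave an empty file with the same name in Office 365. The following is an added example, not part of the original article or any Symantec tooling: it correlates upload records to list files whose content request was blocked while an empty same-name placeholder was allowed. The record fields (`ts`, `user`, `file`, `size`, `action`), the sample data and the 60-second pairing window are assumptions made for illustration, not a CloudSOC export schema.

```python
from collections import defaultdict

WINDOW_SECONDS = 60  # assumed maximum gap between the two upload requests

# Constructed sample records; field names are hypothetical.
EVENTS = [
    # Placeholder allowed, content blocked shortly after: residual empty file.
    {"ts": 1000, "user": "alice@example.com", "file": "payroll.xlsx", "size": 0, "action": "allowed"},
    {"ts": 1002, "user": "alice@example.com", "file": "payroll.xlsx", "size": 48213, "action": "blocked"},
    # Normal upload that matched no policy: nothing to reconcile.
    {"ts": 2000, "user": "bob@example.com", "file": "notes.txt", "size": 0, "action": "allowed"},
    {"ts": 2001, "user": "bob@example.com", "file": "notes.txt", "size": 912, "action": "allowed"},
    # Empty file and block are far apart in time: treated as unrelated.
    {"ts": 3000, "user": "dave@example.com", "file": "plan.docx", "size": 0, "action": "allowed"},
    {"ts": 9000, "user": "dave@example.com", "file": "plan.docx", "size": 7040, "action": "blocked"},
]


def find_residual_placeholders(events, window=WINDOW_SECONDS):
    """Return sorted (user, file) pairs where a content upload was blocked but
    an empty same-name placeholder was allowed within `window` seconds."""
    placeholders = defaultdict(list)  # (user, file) -> times of allowed empty uploads
    blocks = defaultdict(list)        # (user, file) -> times of blocked content uploads
    for e in events:
        key = (e["user"], e["file"])
        if e["size"] == 0 and e["action"] == "allowed":
            placeholders[key].append(e["ts"])
        elif e["size"] > 0 and e["action"] == "blocked":
            blocks[key].append(e["ts"])

    hits = []
    for key, blocked_at in blocks.items():
        empty_at = placeholders.get(key, [])
        # Pair on name and user, then require the two requests to be close in time.
        if any(abs(b - p) <= window for b in blocked_at for p in empty_at):
            hits.append(key)
    return sorted(hits)


if __name__ == "__main__":
    for user, name in find_residual_placeholders(EVENTS):
        print(f"residual empty placeholder: {name} (uploaded by {user})")
```

The resulting list gives the file names that still appear in the tenant after a Block File action, which is the input needed for cleanup or for reviewing what the file name alone discloses.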