Understanding supported file types

Each of the OEM vendors you partner with may support different file types for scanning. Support also depends on the Forcepoint ONE SSE mode the file is passing through (SWG, Reverse proxy, API, etc.).

Note: In general, most malware engines that rely on AI and machine learning do not support container type files, such as .iso or .dmg type files.

See the list below for each vendor to have a better idea of what file types are supported.

Forcepoint ONE SSE

File Type support will differ depending on the mode the file is being processed through (SWG, Proxy, API). Refer to Viewing Forcepoint ONE SSE supported File MIME types for more information on file types supported by Forcepoint ONE SSE.

  • SWG - Will process and send all file types to the malware engine.
  • Reverse proxy upload - Will process and send all file types to the malware engine.
  • Reverse proxy download - Will process and send MIME types corresponding to Office docs, text, PDF, ZIP, executables, and any files with MIME type application/octet-stream.
  • API - Will process and send file types supported by the API engine.

Crowdstrike

File Analyzer SDK 1.4.1 leverages multiple Machine Learning models to scan various file types.

File types supported are:

  • Portable Executable (PE): Windows executables. Files you can run on Windows, including DLLs (Dynamic Link Libraries).
  • Mach-O: Mac executables. Files you can run on Macs. This is multi-class, meaning this scanner will let you know if a file is malicious and if it is classified as PUP/adware.
  • Executable and Linkable Format (ELF): Linux executables. Files you can run on Linux; these run on UNIX as well.
  • Composite Document File (CDF): Old Microsoft Office file format (.doc, .xls, .ppt). This scanner also includes CDF exploit detection. Office documents can contain macros that try to compromise a system. This scanner looks for the structures and patterns that would indicate the macro is potentially malicious.
  • Office Open Extensible Markup Language (OOXML): New MS Office format, such as .docx, .xlsx/m, .pptx/m and so on.
  • PDF

All Executable files supported: PE (x86/x86-64 only), Mach-O (x86/x86-64 & 32/64bit ARM), ELF (x86/x86-64 & 32/64bit ARM)

All Document files supported: CDF (legacy Microsoft Office files [e.g., .doc, .xls, .ppt]), OOXML (newer Microsoft Office files [e.g., .docx, .docm, .xlsx, .xlsm, .pptx, .pptm]), PDF
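To see which files fall outside the list above before they reach the engine, the following added example (not CrowdStrike or Forcepoint code) classifies a file by its leading bytes into the six families named here and returns None for everything else, including PE files built for an architecture other than x86/x86-64. The function names, the sample builders and the Mach-O/Java disambiguation heuristic are assumptions of this example; architecture is checked for PE only.

```python
import io
import struct
import zipfile

# Mach-O thin-binary magics: 32-bit and 64-bit, both byte orders
MACHO_MAGICS = {bytes.fromhex(h) for h in ("feedface", "cefaedfe", "feedfacf", "cffaedfe")}
FAT_MAGIC = bytes.fromhex("cafebabe")        # universal Mach-O; Java .class shares it
CDF_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
PE_MACHINES = {0x014C, 0x8664}               # x86 and x86-64, the only PE targets listed

def classify(data: bytes):
    """Return the format family from the list above, or None if the file is outside it."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
        if data[off:off + 4] == b"PE\0\0" and len(data) >= off + 6:
            machine = struct.unpack_from("<H", data, off + 4)[0]
            return "PE" if machine in PE_MACHINES else None
        return None                                            # plain DOS stub, not PE
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:4] in MACHO_MAGICS:
        return "Mach-O"
    if data[:4] == FAT_MAGIC and len(data) >= 8:
        # Assumed heuristic: a small architecture count means universal Mach-O;
        # a Java class file carries a version number >= 45 in the same field.
        return "Mach-O" if struct.unpack_from(">I", data, 4)[0] < 20 else None
    if data[:8] == CDF_MAGIC:
        return "CDF"
    if data[:4] == b"PK\x03\x04":                              # ZIP: OOXML only if Office parts exist
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return None
        office = any(n.startswith(("word/", "xl/", "ppt/")) for n in names)
        return "OOXML" if office and "[Content_Types].xml" in names else None
    if b"%PDF-" in data[:1024]:
        return "PDF"
    return None

def sample_pe(machine: int) -> bytes:
    """Constructed sample: minimal DOS header + PE signature + Machine field."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<H", machine)

def sample_zip(*names: str) -> bytes:
    """Constructed sample: in-memory ZIP holding empty members with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"")
    return buf.getvalue()
```

A None result only means the file is outside this engine's listed formats, so it is a cue to route the file to another engine or policy rather than a verdict on the file.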

Bitdefender

  • Scans and disinfects all file formats known to be used to spread malware content, including archives, installers and various encodings.
  • Bitdefender engine supports a large number of file formats, from various executables to Office documents, Flash files and MP4 videos. For each file format, there is an analyzer in the engine, which says whether the format could be handled. There is also a parser which is responsible for extracting the relevant data for the engine.
  • Bitdefender scanning engines can scan all types of archives (including email file formats) that may contain threats. The list below specifies the most common types of archives that are being analyzed:

    7z; ace; alz; ar; arc; arj; boo; bz; bz2; bzip2; cab; chm; cpio; dbx; deb (with gzip, bzip2, xz); dmg (with HFS); docfile; eml; esh; exe; ezs; fky; frs; fxp; gadget; gif; grv; gx2; gz; gzip; hap; hlp; hms; hqx; hta; htm; html; htt; iaf; icd; ico; img; inf; ini; inno; instyler; inx; ipf; iso; installshield; isu; jar; jfif; jpe; jpeg; jpg; js; jse; jsx; kix; laccdb; lha; lzh; lnk; maf; mam; maq; mar; mat; mbx; mcr; mda; mdb; mde; mdt; mdw; mem; mhtml; mid; mime; mmf; mov; mp3; mpd; mpeg; mpg; mpp; mpt; mpx; ms; mscompress; msg; msi; mso; msp; mst; msu; nsis; nws; oab; obd; obi; obs; obt; ocx; odt; oft; ogg; ole; one; onepkg; osci; ost; ovl; pa; paf; pak; pat; pci; pcx; pdf; pex; pfd; pgm; php; pif; pip; png; pot; potm; potx; ppa; ppam; pps; ppsm; ppsx; ppt; pptm; pptx; ppz; prc; prf; prg; ps1; psd; psp; pst; pub; puz; pvd; pwc; pwz; py; pyc; pyo; qpx; qt; qxd; ra; ram; rar; rbx; rgb; rgs; rm; rox; rpj; rpm (with cpio, gzip, bzip2, xz); rtf; scar; scr; script; sct; sdr; sfx; sh3; shb; shs; shw; sis; sit; sldm; sldx; smm; snp; snt; spr; src; svd; swf; sym; sys; tar; tar.z; tb2; tbb; tbz2; td0; tgz; thebat; thmx; tif; tiff; tlb; tms; tsp; tt6; u3p; udf; ufa; url; uuencode; vb; vbe; vbs; vbscript; vise; vwp; vxd; wav; wbk; wbt; wcm; wdm; wise; wiz; wks; wll; wmf; wml; wpc; wpf; wpg; wpk; wpl; ws; ws2; wsc; wsf; wsh; xar; xl; xla; xlam; xlb; xlc; xll; xlm; xls; xlsb; xlsm; xlsx; xlt; xltm; xltx; xlw; xml; xqt; xsf; xsn; xtp; xz; z; zip; zl?; zoo