Risk Levels

    Clean Room processes files to ensure they are safe from threats. Once a file has been deconstructed and rebuilt, the application assigns a Risk Level to the original file. These risk levels, explained below, provide users with a high-level summary of the level of threat the original file contained.

    A low risk level means the original file did not appear to contain any threats or items that might increase risk for your environment.

    A medium risk level means the original file contained items that may be used by an attacker to compromise your environment or to expose information about the file itself. Metadata such as review comments can also be used to hide information entering or leaving your environment. Hyperlinks might be benign, but without adequate protection may lead the user to visit an insecure internet location and potentially interact with a threat.

    A high risk level means the original file contained software or executable code that may be used by attackers to compromise your environment.

    How Glasswall Made Your File Safe

    This section lists the threats removed within the file structure, as well as risky content sanitised (removed) from your file according to the policies set by you or your company. 

    There are various types of actions performed across all supported file types:

    • Unrecognised objects hidden within the file structure that are not defined in the ‘known good’ specification are removed.
    • Where possible, components of a file that deviate from the manufacturer’s specification are corrected back to the standards set in the specification. Otherwise, an issue is reported.

    Definitions

    Acroforms

    An 'Acrobat Form', in addition to looking like a form, may also contain active code (e.g., JavaScript) which could be malicious. Acroforms can also be used to hide objects inside other objects.

    Risky content Types & Macros & JavaScript

    Macros and JavaScript are forms of active code. They may be benign in nature, but all too often they are used by bad actors to mount an attack against the user or receiving system when embedded in a business document.

    All Actions

    An action within a PDF is designed to make the document dynamic and may be benign. However, an attacker may use the action to trigger active code (e.g., JavaScript) or send data to a URL. The functionality can be misused to cause harm to the recipient.

    Digital Signatures

    The source document may have been signed with a digital signature. Whilst the signing itself may not represent a threat, if the ownership and trust of the certificate chain have been compromised, the signature could trick a user into viewing a document that contains something malicious. The sanitise setting is a good option to select if there is any doubt about the provenance of the document.

    Dynamic Data Exchange (DDE)

    Dynamic Data Exchange (DDE) within Microsoft documents is known to present risk as the protocol may be used to execute malicious code on the recipient's computer.

    Embedded Files

    Embedded objects within files may present risk if they provide a way for active code to be triggered, or to hide data within a document. 

    Embedded Images

    Embedded images within files may present risk if they provide a way for malicious content to be hidden inside the image.

    External Hyperlinks & Internal Hyperlinks

    External and internal hyperlinks may appear innocent. However, a link in a document may appear to have a different destination than the real link. Caution is advised when clicking on links in documents. 

    Review Comments & Metadata

    Metadata can reveal information which the owner may not intend to disclose to the recipient, such as review comments, or the original author's name.
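
The risk levels and content categories above can be approximated for a PDF by scanning its raw bytes for the name keys that introduce each category. This is an added example, not Glasswall's code: the marker-to-level mapping, the `assess` function and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Assumed mapping from PDF name keys to the categories defined above and to a
# risk level; this is illustrative, not the product's actual rule set.
MARKERS = {
    b"/JavaScript": ("JavaScript", "high"),
    b"/JS": ("JavaScript", "high"),
    b"/OpenAction": ("Actions", "medium"),
    b"/AA": ("Actions", "medium"),
    b"/AcroForm": ("Acroforms", "medium"),
    b"/EmbeddedFile": ("Embedded Files", "medium"),
    b"/URI": ("External Hyperlinks", "medium"),
    b"/Metadata": ("Metadata", "medium"),
}
LEVELS = ["low", "medium", "high"]

# A PDF name is "/" followed by regular characters (no whitespace/delimiters).
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
# Names may hide behind #xx hex escapes, e.g. /J#61vaScript == /JavaScript.
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def assess(pdf_bytes):
    """Return (risk_level, sorted categories) for raw, uncompressed PDF bytes.

    Names inside compressed streams are not visible to this scan, so "low"
    means "nothing found", not "proven clean".
    """
    found = {}
    for raw in NAME_RE.findall(pdf_bytes):
        # Decode hex escapes before comparing, so obfuscated names still match.
        name = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
        if name in MARKERS:
            category, level = MARKERS[name]
            found[category] = level
    risk = max(found.values(), key=LEVELS.index, default="low")
    return risk, sorted(found)


# Constructed sample fragments (not real documents).
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_LINK = b"<< /Subtype /Link /A << /S /URI /URI (https://example.com/) >> >>"
SAMPLE_JS = b"<< /Type /Catalog /OpenAction << /S /J#61vaScript /JS (placeholder) >> >>"

if __name__ == "__main__":
    for label, data in [("clean", SAMPLE_CLEAN), ("link", SAMPLE_LINK), ("js", SAMPLE_JS)]:
        print(label, assess(data))
```

A keyword scan of this kind is a triage aid only; it does not rebuild or sanitise the file.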

