Policy settings

    As a Standard User, you're able to view the file sanitization settings configured by your Administrator for supported file types from the Policy settings page.

    The following policy settings can be applied to risky content:

    • Sanitized: we'll analyze the file and remove this type of risky content, then rebuild the file.
      • Example: you can sanitize (remove) macros from Word files.
    • Allowed: we'll analyze and rebuild the file, but we won't remove this type of risky content.
      • Example: you can allow macros for Word files. (This presents a risk to you if an attacker has placed malware within a file.)
    • Blocked: we'll analyze the file, but if we find the risky content, we won't process the file at all.
      • Example: you can specify that Word files with macros aren't processed at all.

    Risky content types

    | Risky content type | Risk Level | Description |
    |---|---|---|
    | Acroform | High Risk | An AcroForm is a PDF that contains form fields ('Acrobat Form'). In addition to looking like a form, it may also contain active code (e.g. JavaScript) that could be malicious. AcroForms can also be used to hide objects inside other objects. |
    | Connections | High Risk | The Excel connections feature controls connections to external data sources. This may present a risk if the external data source is compromised with malware, or may lead to SQL injection attacks where the external data source is an SQL database. |
    | Digital Signatures | Low Risk | The source document may have been signed with a digital signature. While the signing may not represent a threat, if the ownership and trust of the certificate chain have been compromised, it could trick a user into viewing a document containing something malicious. |
    | DDE | High Risk | Dynamic Data Exchange (DDE) allows data to be shared between applications in some old versions of Windows. DDE within a Microsoft document presents risk, as it may be used to execute malicious code on the recipient's computer. |
    | Embedded Files | High Risk | Embedded objects are files, items, or entities that have been added into a different program or object (for instance, a gif in a Word document). Embedded objects within files may present risk if they provide a way for active code to be triggered or hide data within a document. |
    | Embedded Images | Medium Risk | Embedded images are pictures where data has been incorporated into the file. They may present risk if they provide a way for malicious content to be hidden inside the image. |
    | External Hyperlinks | Medium Risk | External hyperlinks redirect you to open something outside the file. A hyperlink may seem innocent, but it could route to a different destination than the link that's displayed. Caution is advised when clicking links in documents. |
    | Foreign Objects | Medium Risk | Foreign objects may include items like HTML code, images, or other media types. They allow the author to include elements from other file formats or programming languages within the file that could be malicious. |
    | GeoTIFF | Medium Risk | GeoTIFF is an extension to the TIFF file format and can include metadata that describes the coordinate system, projection, and other spatial properties of an image that the owner may not intend to disclose. |
    | Internal Hyperlinks | Medium Risk | Internal hyperlinks route you to a different place within a file. An internal hyperlink may seem innocent, but it could route you to a different destination than the link that's displayed. Caution is advised when clicking links in documents. |
    | Javascript | High Risk | JavaScript is a form of active code that may be benign in nature, but all too often is used by bad actors to mount an attack against the user or receiving system in a business document. |
    | Macros | High Risk | Macros are sequences of events (including keystrokes or clicks) that can be automated. Macros may seem benign in nature, but all too often are used by bad actors to mount an attack against the user or receiving system in a business document. |
    | Metadata | Medium Risk | Metadata is data about other data. Metadata may reveal information the owner may not intend to disclose, such as what computer was used to create the document or the original author's name. |
    | PDF Actions | High Risk | PDF actions are built-in functionality in PDF documents. PDFs could include buttons that execute JavaScript or links to untrustworthy external resources. This means they could be used to launch a phishing attack, download malware, or steal sensitive information. |
    | Review Comments | Medium Risk | Review comments are comments that have been added to Microsoft files. They may reveal information the owner may not intend to disclose, such as the original author's name. |
    | Scripts | High Risk | A script is a form of active code that may be benign in nature, but all too often is used by bad actors to mount an attack against the user or receiving system in a business document. |
    | Tracked Changes | Medium Risk | Tracked changes convey the history of edits made within a file. They may reveal information the owner didn't intend to disclose. |
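
The sketch below is an added example, not the product's own code or API: it shows how the three policy settings combine for one Office file, by detecting a few of the content types from the table through their standard OOXML part names and then applying the policy. Assumptions: the function names, the constructed sample package, and the choice that a content type with no explicit setting defaults to Sanitized.

```python
import io
import zipfile

# Risk levels as listed in the table above (subset used by this example).
RISK = {"Macros": "High", "Connections": "High", "Embedded Files": "High",
        "Embedded Images": "Medium", "Review Comments": "Medium", "Metadata": "Medium"}

# Standard OOXML part-name prefixes that indicate each content type.
MARKERS = {
    "Macros": ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"),
    "Connections": ("xl/connections.xml",),
    "Embedded Files": ("word/embeddings/", "xl/embeddings/", "ppt/embeddings/"),
    "Embedded Images": ("word/media/", "xl/media/", "ppt/media/"),
    "Review Comments": ("word/comments.xml",),
    "Metadata": ("docProps/",),
}

def detect(data: bytes) -> set:
    """Return the risky content types whose parts are present in an OOXML package."""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
    return {ctype for ctype, prefixes in MARKERS.items()
            if any(n.startswith(prefixes) for n in names)}

def evaluate(found: set, policy: dict) -> dict:
    """Apply Sanitized / Allowed / Blocked settings to the detected content types."""
    blocked = sorted(c for c in found if policy.get(c) == "Blocked")
    if blocked:  # one Blocked hit means the file is not processed at all
        return {"processed": False, "blocked_by": blocked}
    # Assumption: types without an explicit setting are treated as Sanitized.
    removed = sorted(c for c in found if policy.get(c, "Sanitized") == "Sanitized")
    retained = sorted(found - set(removed))
    return {"processed": True, "removed": removed, "retained": retained,
            "high_risk_retained": [c for c in retained if RISK[c] == "High"]}

def build_sample() -> bytes:
    """Constructed sample: a zip carrying the part names of a macro-enabled Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name in ("word/document.xml", "word/vbaProject.bin",
                     "word/comments.xml", "docProps/core.xml"):
            pkg.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    found = detect(build_sample())
    print(evaluate(found, {"Macros": "Sanitized", "Metadata": "Allowed"}))
    print(evaluate(found, {"Macros": "Blocked"}))
```

The `high_risk_retained` field lists High Risk content that an Allowed setting leaves in the rebuilt file, which is the exposure the Allowed example above warns about.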
