Download Protection is a feature in the NordLayer Windows application. It scans files downloaded from the internet for malicious content and auto-removes malware-infected files.
This feature operates locally on the device, ensuring quick response to threats. Intelligent Download Protection, a part of this feature, uses malware databases and threat intelligence data feeds to detect known and emerging threats. It can also detect files with double extensions (e.g., filename.csv.exe).
The feature is available in NordLayer Windows application version 3.4.1 and up.
It can only be enabled and managed by organization admins through the Control Panel’s Security Configuration page.
- Teams or individuals cannot enable it themselves; only Owners can assign it to specific teams.
- Users with signed HIPAA compliance agreements should be cautious, as enabling this feature may disclose sensitive information from file titles, sources, or storage locations.
How to enable Download Protection?
- Log in to Control Panel and select Settings.
- In the Settings menu, choose Security configurations.
- Find the Download Protection setting and click the toggle switch to enable Download Protection. Confirm your selection to complete the setup.
If you prefer not to use machine learning features, you can disable Intelligent malware detection.
How to assign Download Protection for specific teams?
By default, Download Protection is enabled for all teams. To specify which teams should have this feature enabled:
- Click Edit teams
- Next to each team name, you'll find a plus icon. Click on the plus icon for the teams you want to enable Download Protection for.
- Once you've selected the desired teams, click the Save button to confirm your changes.
What is Intelligent Download Protection?
Intelligent Download Protection is on by default when enabling the feature itself. It allows for a more precise download scanning and helps to detect unknown or zero-day malware, it also includes double-extension detection (example filename.csv.exe) and works locally on a device, resulting in faster malware detection and offline scanning capabilities.
NordLayer’s Intelligent Download Protection feature leverages a combination of commercially available malware databases and open-source threat intelligence data feeds to deliver a robust and intelligent malware detection solution. This multi-layered approach ensures that users are protected against a wide range of potential threats, including known and emerging malware strains.
Turning off Intelligent Download Protection significantly reduces your protection.
How does Download Protection work?
When Download Protection is enabled, the NordLayer application will scan all downloads on the user's device, regardless of whether it's connected to a gateway.
If Download Protection detects a malware-infected file, it will automatically delete the file from the device and display an informational message:
Detailed analytics of Download Protection, including the total number of files downloaded and scanned, as well as specific information about deleted files, can be viewed on the Control Panel's Activity page:
Malicious download deletion events are immediately reported in the Threat Report table. General information about files downloaded and scanned is updated in the Threat Report table every 3 hours.
| File Type | Full Type Name |
|---|---|
| ht* | Hypertext file (wildcard) |
| acm | Audio Compression Manager |
| apk | Android package file |
| app | Application file |
| asp | Active Server Pages |
| ax | DirectShow Filter |
| bat | Batch file |
| bin | Binary file |
| class | Java class file |
| cmd | Command script |
| com | Command file |
| cpl | Control panel extension |
| css | Cascading Style Sheets |
| csh | C shell script |
| dex | Dalvik executable file |
| dll | Dynamic Link Library |
| dmg | Disk image file (Mac) |
| do* | Document file (wildcard) |
| drv | Device driver |
| dylib | Dynamic Library (Mac) |
| efi | Extensible Firmware Interface |
| elf | Executable and Linkable Format |
| eml | Email message |
| exe | Executable file |
| htm* | Hypertext Markup Language file (wildcard) |
| inf | Information file |
| ini | Initialization file |
| ins | Internet Communication Settings |
| isp | Internet Communication Settings |
| jar | Java archive |
| js | JavaScript file |
| lnk | Shortcut link |
| mpp | Microsoft Project file |
| mpt | Microsoft Project template |
| ms? | Microsoft installer or patch (wildcard) |
| msi | Microsoft Installer |
| mst | Windows installer transform |
| mui | Multilingual User Interface |
| ocx | OLE Control Extension |
| osd | Open Software Description |
| Portable Document Format | |
| php | PHP script |
| pkg | Package file |
| pl* | Perl script (wildcard) |
| pot* | PowerPoint template (wildcard) |
| pps* | PowerPoint slideshow (wildcard) |
| ppt* | PowerPoint presentation (wildcard) |
| ps1 | PowerShell script |
| psh | PowerShell script (older version) |
| rtf | Rich Text Format |
| scf | Shell command file |
| scr | Screen saver file |
| script | Script file |
| htm* | Server-side HTML (wildcard) |
| sfx | Self-extracting archive |
| sh | Shell script |
| so | Shared library (Unix) |
| swf | Shockwave Flash |
| sys | System file (Windows) |
| tsp | TAPI service provider (Telephony Application Programming Interface) |
| vb* | Visual Basic script (wildcard) |
| vbs | Visual Basic script |
| wsc | Windows Script Component |
| wsf | Windows Script File |
| wsh | Windows Script Host file |
| xl* | Excel spreadsheet (wildcard) |
Download Protection cannot scan the following:
- Encrypted files: Files that are protected with encryption.
- Password-protected archives: Only the archive as a whole will be checked, not the individual files within.
- Large files: Downloads exceeding 5GB in size.
Download Protection supports scanning archives with up to 20 layers.
Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.