Download Protection
  • 4 Minutes to read

    Download Protection


      Article summary

      Download Protection is a feature in the NordLayer Windows application. It scans files downloaded from the internet for malicious content and auto-removes malware-infected files.

      This feature operates locally on the device, ensuring quick response to threats. Intelligent Download Protection, a part of this feature, uses malware databases and threat intelligence data feeds to detect known and emerging threats. It can also detect files with double extensions (e.g., filename.csv.exe).

      The feature is available in NordLayer Windows application version 3.4.1 and up.

      It can only be enabled and managed by organization admins through the Control Panel’s Security Configuration page.

      Note
      • Teams or individuals cannot enable it themselves; only Owners can assign it to specific teams.
      • Users with signed HIPAA compliance agreements should be cautious, as enabling this feature may disclose sensitive information from file titles, sources, or storage locations.

      How to enable Download Protection?

      1. Log in to Control Panel and select Settings.
      2. In the Settings menu, choose Security configurations.

      Settings - Security configurations_1.png

      1. Find the Download Protection setting and click the toggle switch to enable Download Protection. Confirm your selection to complete the setup.

      Settings - Security configurations_2.png

      Note

      If you prefer not to use machine learning features, you can disable Intelligent malware detection.

      How to assign Download Protection for specific teams?

      By default, Download Protection is enabled for all teams. To specify which teams should have this feature enabled:

      1. Click Edit teams

      Settings - Security configurations_3.png

      1. Next to each team name, you'll find a plus icon. Click on the plus icon for the teams you want to enable Download Protection for.

      Settings - Security configurations_4.png

      1. Once you've selected the desired teams, click the Save button to confirm your changes.

      What is Intelligent Download Protection?

      Intelligent Download Protection is on by default when enabling the feature itself. It allows for a more precise download scanning and helps to detect unknown or zero-day malware, it also includes double-extension detection (example filename.csv.exe) and works locally on a device, resulting in faster malware detection and offline scanning capabilities.

      NordLayer’s Intelligent Download Protection feature leverages a combination of commercially available malware databases and open-source threat intelligence data feeds to deliver a robust and intelligent malware detection solution. This multi-layered approach ensures that users are protected against a wide range of potential threats, including known and emerging malware strains.

      Note

      Turning off Intelligent Download Protection significantly reduces your protection.

      How does Download Protection work?

      When Download Protection is enabled, the NordLayer application will scan all downloads on the user's device, regardless of whether it's connected to a gateway.

      If Download Protection detects a malware-infected file, it will automatically delete the file from the device and display an informational message:

      Toast notification - notifications.png

      Detailed analytics of Download Protection, including the total number of files downloaded and scanned, as well as specific information about deleted files, can be viewed on the Control Panel's Activity page:

      Activity - File Protect.png

      Malicious download deletion events are immediately reported in the Threat Report table. General information about files downloaded and scanned is updated in the Threat Report table every 3 hours.

      File TypeFull Type Name
      ht*Hypertext file (wildcard)
      acmAudio Compression Manager
      apkAndroid package file
      appApplication file
      aspActive Server Pages
      axDirectShow Filter
      batBatch file
      binBinary file
      classJava class file
      cmdCommand script
      comCommand file
      cplControl panel extension
      cssCascading Style Sheets
      cshC shell script
      dexDalvik executable file
      dllDynamic Link Library
      dmgDisk image file (Mac)
      do*Document file (wildcard)
      drvDevice driver
      dylibDynamic Library (Mac)
      efiExtensible Firmware Interface
      elfExecutable and Linkable Format
      emlEmail message
      exeExecutable file
      htm*Hypertext Markup Language file (wildcard)
      infInformation file
      iniInitialization file
      insInternet Communication Settings
      ispInternet Communication Settings
      jarJava archive
      jsJavaScript file
      lnkShortcut link
      mppMicrosoft Project file
      mptMicrosoft Project template
      ms?Microsoft installer or patch (wildcard)
      msiMicrosoft Installer
      mstWindows installer transform
      muiMultilingual User Interface
      ocxOLE Control Extension
      osdOpen Software Description
      pdfPortable Document Format
      phpPHP script
      pkgPackage file
      pl*Perl script (wildcard)
      pot*PowerPoint template (wildcard)
      pps*PowerPoint slideshow (wildcard)
      ppt*PowerPoint presentation (wildcard)
      ps1PowerShell script
      pshPowerShell script (older version)
      rtfRich Text Format
      scfShell command file
      scrScreen saver file
      scriptScript file
      htm*Server-side HTML (wildcard)
      sfxSelf-extracting archive
      shShell script
      soShared library (Unix)
      swfShockwave Flash
      sysSystem file (Windows)
      tspTAPI service provider (Telephony Application Programming Interface)
      vb*Visual Basic script (wildcard)
      vbsVisual Basic script
      wscWindows Script Component
      wsfWindows Script File
      wshWindows Script Host file
      xl*Excel spreadsheet (wildcard)

      Download Protection cannot scan the following:

      • Encrypted files: Files that are protected with encryption.
      • Password-protected archives: Only the archive as a whole will be checked, not the individual files within.
      • Large files: Downloads exceeding 5GB in size.
      Note

      Download Protection supports scanning archives with up to 20 layers.


      Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.


      Was this article helpful?