On the fly decryption doesn’t work when using alternate applications and/or user defined file extensions

Actifile only allows known applications to open encrypted files. To accomplish this, Actifile has an internal authorized application list. It contain a list of process names for authorized applications: E.g. for Office – Word (winword), Excel, etc. are listed as local processes, while Outlook is listed as transport. Hence Word, Excel, PDF open when you double click on the file, and Outlook has to be added to the policies individually.

When you define a new file extension policy, or use an alternate application to open known file types, Actifile won’t know that the new processes is legitimate (if we just by default accepted all processes, malware could open files as well).  Therefore, the application must be added to the local application list.

In the Actifile Risk Portal -> Application Risk click Add System to add the new or alternative application process name. In the example below I am adding IrfanView as a Autocad file viewer.

Process Name: The process name for IrfanView that accesses the encrypted file is i_view32.

Process Type: For the file to be decrypted whenever accessed by the application set it to local process.
If you prefer to except it per individual policy set the process type to transport.

If the files can be accessed by more than 1 process (e.g. a separate viewer and editor) – all would need to be listed (unless one is always called by the other).

The process name can be discovered in a few different ways:

  1. The process name will appear in the Application Risk list – under detected applications.
  2. In the Task Manager find the application you are using and right-click on the application name. Select Go to details .

It will open up the process list on the name of the process that runs the application.

  1. If you can’t find it – or if the process doesn’t work, it may be that the application calls a separate process to load the file. To figure out which application was calling the file, Actifile creates a short lived file called statistics.csv whenever a file load is detected. The file will be located in the Actifile Log directory and should last about 30 seconds. It looks like this: 

The 6th column has the process that actually accesses the file.

Powered by BetterDocs