Forcepoint CDR Integration

FileCloud integration with Forcepoint CDR is available in version 23.241.4 and higher.

Forcepoint CDR is only available for customers with Advanced licenses; if you are upgrading FileCloud and intend to use Forcepoint CDR, please also upgrade your license.

When Forcepoint CDR (Content Disarm and Reconstruction) is integrated with FileCloud, each file (of a supported type) uploaded into FileCloud is put into a non-editable quarantine state and sent to Forcepoint CDR. Forcepoint CDR rebuilds the file, omitting any potentially malicious code, and returns the sanitized file to FileCloud.

Limitations:

  • Forcepoint CDR does not send a notification to the user's FileCloud account if a threat is found; it simply returns the file to FileCloud with the threat removed.
  • Only files in Network Folders that are changed within FileCloud are scanned and sanitized; files in Network Folders that are changed outside FileCloud are not.
  • File changes made to a file in a WOPI Web edit co-editing session are not sent to Forcepoint for sanitization until all users in the session have closed the file for edit.
  • While a file is in quarantine, FileCloud rejects new uploads of the file.

Integrating Forcepoint CDR with FileCloud

Required settings:

  • Forcepoint CDR integration works only if locking is enabled (the default setting). For help enabling locking, see The Misc. Tab Settings.
  • We recommend setting Number of old versions to keep for each file to 1 or higher (default is 3) before using Forcepoint CDR integration to avoid losing data. Without this setting, loss of original versions of files will occur if Forcepoint CDR returns an unsupported file and Delete Unsupported Versions is checked. For help setting this value, see Setting up Managed Storage.

To set up Forcepoint CDR integration with FileCloud:

  1. In the admin portal, go to Settings > Third Party Integrations > Forcepoint CDR.
  2. Fill in the fields as indicated in the following table.
    | Field | Description | Default value | Notes |
    |---|---|---|---|
    | Enable Forcepoint CDR Integration | Turn integration with Forcepoint CDR on and off. | unchecked | |
    | CDR Test | Click to confirm that your CDR URL is valid. | N/A | |
    | CDR URL | The URL of your company's Forcepoint CDR server. | blank | |
    | File Size Limit | The largest size of a file that FileCloud can send to Forcepoint CDR. | 25 | The maximum size we have tested that was processed successfully in Forcepoint was 100 MB. However, the maximum size any Forcepoint server can process depends on the hardware configuration of the Forcepoint server. |
    | Disallowed File Extensions | File extensions that you want to prevent from being uploaded to Forcepoint CDR. These files remain in FileCloud but are not sanitized. (There are also file types that Forcepoint CDR cannot process. These files are treated differently; they are uploaded to Forcepoint and returned as unsupported.) | blank | |
    | Delete Unsupported Extensions | Deletes files that are returned because they have extensions that Forcepoint CDR does not support. File types that are not supported for sanitization include file types that Forcepoint does not support in general, such as PSD and MP4, and file types blocked by your Forcepoint CDR configuration. For more information see Forcepoint's online CDR help. | unchecked | |
  3. To ensure that integration with Forcepoint CDR runs efficiently, add the following configuration in the message queue config file:
    1. Open the message queue config file:
      Windows location: C:/xampp/htdocs/src/Scripts/config/default.json
      Linux location: /var/www/html/src/Scripts/config/default.json
    2. Set the field parallel_high_priority_workers_count to a value of 1 or higher.
      We recommend initially setting the value to around 20% of the value in parallel_workers_count, and modifying it as necessary for your environment.
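
A helper for step 3, added here as an example (it is not FileCloud's own tooling): it finds the two keys named above wherever they sit in default.json and fills in the roughly 20% starting value when the high-priority count is missing or below 1. The internal layout of default.json is an assumption, so the keys are searched for rather than addressed by a fixed path, and the sample JSON is constructed.

```python
import json
import sys

# Key names are taken from the page; where they sit inside default.json is
# not documented there, so the whole document is searched for them.
WORKERS_KEY = "parallel_workers_count"
HIGH_PRIO_KEY = "parallel_high_priority_workers_count"


def find_parent(node, key):
    """Return the first dict (depth-first) that contains `key`, else None."""
    if isinstance(node, dict):
        if key in node:
            return node
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_parent(child, key)
        if found is not None:
            return found
    return None


def recommend_high_priority(config, ratio=0.20):
    """Set HIGH_PRIO_KEY to about `ratio` of WORKERS_KEY, never below 1.

    An existing integer value >= 1 is kept. Returns (old_value, new_value).
    """
    parent = find_parent(config, WORKERS_KEY)
    if parent is None:
        raise KeyError(f"{WORKERS_KEY} not found in config")
    target = find_parent(config, HIGH_PRIO_KEY) or parent
    old = target.get(HIGH_PRIO_KEY)
    if isinstance(old, int) and old >= 1:
        return old, old
    new = max(1, round(int(parent[WORKERS_KEY]) * ratio))
    target[HIGH_PRIO_KEY] = new
    return old, new


# Constructed sample; a real default.json holds more settings and may nest differently.
SAMPLE = '{"queue": {"parallel_workers_count": 10, "parallel_high_priority_workers_count": 0}}'

if __name__ == "__main__":
    # Pass the path to default.json to check a real file (read-only); no argument uses SAMPLE.
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else json.loads(SAMPLE)
    print("old -> recommended:", recommend_high_priority(cfg))
```

The script only reads the file and prints the recommendation; edit default.json by hand and adjust the value for your environment as the step describes.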

If Forcepoint CDR cannot sanitize a file due to an error, a notification is sent to the user and both a notification and an email are sent to the admin.

  • Files that cannot be sanitized due to an error are repeatedly resent for sanitization until it is successful or the admin goes to the Quarantined Files page and either deletes the non-sanitized file version or removes it from quarantine. 
  • If Delete Unsupported Extensions is checked, files with extensions that are not supported by Forcepoint CDR are deleted from FileCloud. If there is a prior version of the file in FileCloud (if it was an update to a file) the original version is not deleted.

While a file is being sanitized, the file and its parent folders are locked for editing and other changes. The screen does not reflect that the file has been returned from Forcepoint CDR and is now unlocked until the user refreshes the screen, as in the following video.

Notice that the size of the file in the video is reduced after processing. This may happen when the file is recreated in Forcepoint CDR, making it slightly smaller or larger. If it takes longer than a minute to process the uploaded/modified file in Forcepoint CDR, the file's modified date will reflect the time change. 

Deleting file versions in quarantine

If a file cannot be sanitized due to an error, it is repeatedly resent for sanitization until it is successful or an admin either deletes the non-sanitized file version or removes it from quarantine. Each time it is sent for sanitization and fails, FileCloud sends you a notification.



The file listed in the Quarantined Files screen is the version of the file that has been quarantined and sent for sanitization, which is the latest version of the file. Earlier versions of the file may exist in FileCloud and will remain in FileCloud even if you delete the versions in quarantine.

To delete a file that is repeatedly being sent for sanitization:

  1. In the admin portal navigation panel, click Quarantined Files.
    All quarantined files are listed, including those that haven't finished the initial sanitization process as well as those that are being repeatedly sent for sanitization due to an error.
    Files listed because they have not finished the initial sanitization process do not have the Delete option.
    If files are listed because of an error, the failed CDR column displays YES.
  2. To delete a file version (a sanitization request) stuck in quarantine, in the Actions column, click the Delete icon.

    The file no longer appears in the Quarantined Files page.
    The deleted version of the file is removed from FileCloud, and is no longer sent for sanitization.
    Note: If this is the only version of the file in FileCloud, the file is deleted permanently from FileCloud and is not sent to the recycle bin.

Removing all files from quarantine

The Quarantined Files page includes a button for removing all files from quarantine. If you click this button, all file versions in quarantine, including those that have not yet completed the sanitization process and those that are stuck in the sanitization process due to an error, are removed from quarantine but not deleted from FileCloud. All of these versions of files become available for use in FileCloud in their non-sanitized state.

To remove all files from quarantine:

  1. In the admin portal navigation panel, click Quarantined Files.
    All quarantined files are listed.


  2. To remove all files from quarantine, click the Unquarantine All Files button.
    A confirmation box that warns you that unsanitized files will be brought into the system pops up. 
  3. If it is okay for the files to remain unsanitized, click Unquarantine in the confirmation box.


    All of the files are removed from the Quarantined Files screen.


    The files remain available to the user who created or uploaded them.