Learn about how approved and blocked lists affect email and file scanning in Cloud App Security.
Cloud App Security lets you configure approved and blocked lists at different levels, giving you flexibility
to manage trusted and suspicious objects. However, understanding how these lists interact
is key to avoiding misconfigurations.
The following table outlines how each list works and how it impacts scanning behavior.
|
List
|
Where to configure
|
Scanning behavior
|
|
|
Approved lists
|
Global level:
Approved/Blocked Lists under
|
Cloud App Security skips scanning matching emails, files, and other supported items across all policies
and delivers them to recipients.
|
|
|
Policy level:
Approved lists in supported security filters in Advanced Threat Protection policy
and Data Loss Prevention policy
|
Cloud App Security skips scanning matching emails, files, and other supported items by the specific
security filter in that policy, but still sends them to other filters for further
checks. The final action is based on the highest-priority result.
|
||
|
Blocked lists
|
Global level:
Approved/Blocked Lists under
|
Cloud App Security quarantines matching emails, files, and other supported items and stops delivering
them to recipients.
|
|
|
Global level:
Suspicious Object Settings under
|
Cloud App Security takes the action synchronized from Trend Vision One or Apex Central / Control Manager
on matching emails, files, and other supported items.
|
||
|
Policy level:
Blocked lists in supported security filters in Advanced Threat Protection policy and
Data Loss Prevention policy
|
Cloud App Security applies the action defined in the corresponding filter, then sends the item to other
filters for additional checks. The final action is based on the highest-priority result.
|
If an object matches both an approved list and a blocked list, the approved list takes
precedence.