How do you handle file type upload restrictions?

Question

I am exploring a method to restrict certain file types (.exe and .msi for example) from being uploaded into our Box (Enterprise Plus) instance and I don’t see a native way to “block” uploads based on file type.

I am thinking the only way to “achieve” this would be to use the Box API to search for files (or perhaps Shield Alert Event list?) with the specific extensions periodically and delete them.

Using a normal search, I am concerned about lag time from search indexing, as well as the cadence of that search.

I suppose I could create a Classification policy to classify these files by type, then use Shield to apply Security controls on the classification until the file is deleted by the API process or a Governance Policy, or until someone reviews the alert deletes the file manually.

Box Relay seems out of the question as it doesn’t seem to propagate into subfolders, nor can I run a scheduled relay to delete based on Classification alone.

Are there any clean ways that you’ve accomplished this?

Jey Bueno Box · Accepted Answer

We received an update that this has been discussed internally, and we hope the proposed solutions will meet your needs.

I’m sharing the details here to close the loop. While we don’t currently offer a built‑in feature that blocks uploads, cleanup can only occur after the upload takes place:

Option 1: Can utilize WebHooks to look for file uploads and listen for certain file types
- This will work AFTER the file has been uploaded, but can move the file to quarantined locations
Option 2: Event Stream
- Filter out Upload events and monitor JSON details of the file uploads - then filter from there
Option 3: CASB
Option 4: AutoClassification Policy for certain File Types, then can set up a script to move those files

*ALL options are after the fact of upload

*Extensions are not a very reliable way to block content because the extension can be changed upon upload — would have to manually check if the file matches the extension.

Thank you, and please feel free to reach out if you have any other concerns.

Jey Bueno Box · Answer

Hi ​@keolson, welcome to the Box Community! Apologies for the delay. Your concern was raised internally prior, and we determined that it’s best to bring the discussion through the support ticket.At this time, we don’t have a built‑in or turnkey solution for this. However, our team is exploring whether a script that watches the event stream for specific classification events could work.To help move things forward, I’ve submitted a ticket on your behalf and looped in your Customer Success Manager. You should receive your ticket number shortly via email for reference. In the meantime, please keep an eye out for a follow‑up email from our support team.We’re looking forward to getting this resolved for you.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded