Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Detecting and Blocking File Transfer Applications

            Modified on Tue, 30 Sep at 3:37 PM

            File transfer applications (such as FTP, SFTP servers, tnftp, FileZilla, etc.) can pose security and compliance risks if installed on enterprise endpoints without authorization. These applications may allow unauthorized movement of sensitive data outside the organization.

            The Saner CVEM platform helps administrators detect, analyze, and block unauthorized file transfer applications across devices.

            1. Detecting File Transfer Applications

            Saner CVEM continuously monitors endpoints and generates Posture Anomalies when file transfer applications are found.

            Steps to Detect:


            Navigate to Posture Anomaly (PA) Dashboard.

            1. Locate the anomaly PA-2022-1061 – File Transfer Apps are installed.
               This rule triggers whenever a known file transfer application is detected.
            2. Review the Summary Section:
              • OS family with the most anomalies (e.g., Unix).
              • Group with the most anomalies (e.g., Ubuntu).
              • Operating System version with the highest anomalies (e.g., Ubuntu 24.04).
            3. Drill down into Posture Anomaly by Device:
              • Lists affected hostnames, OS families, and anomaly counts.
            4. Check Posture Anomaly by Incidence:
              • Shows the specific application name, publisher, and number of devices impacted.
              • Example:
                • ftp (Ubuntu Developers) – 2 devices
                • openssh-sftp-server (Ubuntu Developers) – 2 devices
                • tnftp (Ubuntu Developers) – 2 devices
                • FileZilla 3.69.3 (Tim Kosse) – 1 device
            5. Visual dashboards (by Group, Family, OS) provide quick insight into distribution.

            2. Investigating the Risk
            Once identified:

            • Check device groups (e.g., Ubuntu servers, Windows workstations).
            • Verify if the installation was intentional (e.g., for development/testing) or unauthorized.
            • Correlate with user activity and business use cases before blocking.


            3.Blocking File Transfer Applications

            Saner CVEM provides a direct Application and Device Control option for handling detected anomalies.

            Steps to Block:

            1. Select Fix, and go to Detected Anomalies Action panel,
              • Application and Device Control
              • Or choose Software Deployment (for uninstall).
            2. Under Possible Actions, click Application Block to restrict execution of the detected file transfer app.
            3. To allow again (for approved apps), use Application Unblock.




            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0