Chapter 15 Unified Threat Management for FortiOS 5.0 : Data leak prevention : DLP examples : Blocking emails larger than 15 MB and logging emails from 5 MB to 15 MB
  
Blocking emails larger than 15 MB and logging emails from 5 MB to 15 MB
Because the threshold is larger than 10 MB, the oversize file limit in the proxy options cannot be used to block these emails. Two DLP filters are needed instead, and the order in which they are evaluated matters: a sensor offers no way to reorder its filters, so they must be added in the order they are meant to be evaluated.
Go to Security Profiles > Data Leak Prevention > Sensor.
Create a new sensor using the following values:
Name: large_emails
Comment: <optional>
Once the sensor has been created, add the first filter.
Select Create New and use the following values:
Filter: Files (not Messages)
Select the radio button to the left of File Size and enter 15360 in the file size field. The field is in kB: 1 MB = 1024 kB, so 15 MB = 15 x 1024 kB = 15360 kB. The filter matches emails larger than this value.
Examine the services: enable SMTP, POP3 and IMAP; leave HTTP, FTP, AIM, ICQ, MSN, Yahoo!, NNTP and MAPI not enabled.
Action: from the drop-down menu choose Block.
Select OK.
Add a second filter.
Select Create New and use the following values:
Filter: Files (not Messages)
Select the radio button to the left of File Size and enter 5120 in the file size field (5 MB = 5 x 1024 kB = 5120 kB).
Examine the services: enable SMTP, POP3 and IMAP; leave HTTP, FTP, AIM, ICQ, MSN, Yahoo!, NNTP and MAPI not enabled.
Action: from the drop-down menu choose Log Only.
Select OK.
Select Apply.
Add the sensor to the appropriate policy.
The Block filter is placed first because the filters in a sensor are checked in sequence, and once an email matches a filter, that filter's action is applied and no later filter in the sensor is consulted. If the Log Only filter, which matches anything over 5 MB, came first, it would also match everything over 15 MB, so a 16 MB email would only be logged and would never reach the Block filter. In the order described, a 16 MB email is blocked and a 7 MB email is logged; an email under 5 MB matches neither filter and is passed without a DLP log entry.
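To make the ordering rule concrete, the following is an added example and not Fortinet's code or part of the original page. It models a DLP sensor as an ordered list of file-size filters with the first-match semantics described above, using the 15 MB block threshold and the 5 MB lower bound from the heading (5 x 1024 = 5120 kB). The sample message sizes and the name "allow" for a message that matches no filter are this model's own constructions; the filter and action names are hypothetical labels, not FortiOS identifiers.

```python
"""Model of how an ordered FortiOS DLP sensor applies file-size filters.

Added example, not Fortinet code. Assumes the first-match semantics the
procedure describes: the first filter a message matches decides the action,
and later filters are not consulted for that message.
"""
from dataclasses import dataclass

KB_PER_MB = 1024  # the File Size field is in kB; 1 MB = 1024 kB


def mb_to_kb(mb: float) -> int:
    """Convert a size in MB to the kB value typed into the File Size field."""
    return int(mb * KB_PER_MB)


@dataclass(frozen=True)
class FileSizeFilter:
    """One 'Files / File Size' filter in a sensor (hypothetical model)."""
    name: str
    min_kb: int            # matches files larger than this many kB
    protocols: frozenset   # services the filter is enabled for
    action: str            # "block" or "log-only", as in the GUI drop-down

    def matches(self, proto: str, size_kb: int) -> bool:
        return proto in self.protocols and size_kb > self.min_kb


def evaluate(sensor, proto: str, size_kb: int) -> str:
    """Return the action taken on a message: the first matching filter wins."""
    for f in sensor:
        if f.matches(proto, size_kb):
            return f.action
    return "allow"  # model's own name for 'no filter matched': passed, no DLP log


MAIL = frozenset({"smtp", "pop3", "imap"})  # the only services enabled

# The two filters from the procedure, in the order the page adds them.
BLOCK_OVER_15MB = FileSizeFilter("block_over_15MB", mb_to_kb(15), MAIL, "block")
LOG_OVER_5MB = FileSizeFilter("log_over_5MB", mb_to_kb(5), MAIL, "log-only")

CORRECT_ORDER = [BLOCK_OVER_15MB, LOG_OVER_5MB]   # block first, as documented
WRONG_ORDER = [LOG_OVER_5MB, BLOCK_OVER_15MB]     # log-only first: block never fires


def outcomes(sensor, sizes_mb=(3, 7, 16), proto="smtp"):
    """Map each constructed sample size (MB) to the action the sensor takes."""
    return {mb: evaluate(sensor, proto, mb_to_kb(mb)) for mb in sizes_mb}


if __name__ == "__main__":
    for label, sensor in (("block first", CORRECT_ORDER), ("log-only first", WRONG_ORDER)):
        print(f"{label}: {outcomes(sensor)}")
    # HTTP is not an enabled service, so even a 16 MB transfer is not inspected.
    print("http 16 MB:", evaluate(CORRECT_ORDER, "http", mb_to_kb(16)))
```

Running the script shows the failure mode the page warns about: with the Log Only filter first, the 16 MB message is logged but never blocked, because it already matched the 5 MB filter. The HTTP case is a reminder that the sensor only acts on the services enabled in each filter, so a large attachment leaving over webmail is untouched by this sensor.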