A network filter in the NBA policy, the NBA behaves like a firewall and simply blocks the matching data packets.
An application filter in the NBA policy, the NBA simply closes the TCP or UDP stream associated with the matching data packets.
A policy engine, the NBA passes the full decoded object data stream to a policy engine for analysis. It also forwards all associated data packets on to the receiving computer, except for the final packet in the stream!
This final packet is retained by the NBA, pending the results of processing by the policy engine. If the policy engine instructs the NBA to:
Allow the email, IM comment or file, the NBA releases the final packet and sends it on to its destination. The receiving computer can then complete the transaction (for example, an email send operation or an HTTP POST operation).
Block the email, IM comment or file, the NBA closes the data stream prematurely, causing the destination device to recognize the error and discard the entire content of the stream. Note that for some transactions, this may result in the user being notified by their computer of disconnection errors.
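The hold-and-release behaviour described above can be modelled in a few lines. This is an added illustration, not code from the original page or from the NBA product. The names `Packet`, `Receiver`, `relay_stream` and `sample_policy`, the `final` flag on a packet, and the fail-closed handling of a stream that never finishes are all assumptions made for the sketch.

```python
# Added illustration: a toy model of the hold-back-final-packet behaviour.
# Packet, Receiver and relay_stream are hypothetical names, not NBA APIs.
from dataclasses import dataclass, field
from typing import Callable, Iterable, List

@dataclass
class Packet:
    payload: bytes
    final: bool = False  # assumption: the protocol decoder marks the last packet

@dataclass
class Receiver:
    """Destination host: commits a transaction only if the stream completes."""
    buffer: List[bytes] = field(default_factory=list)
    committed: List[bytes] = field(default_factory=list)
    errors: int = 0

    def deliver(self, pkt: Packet) -> None:
        self.buffer.append(pkt.payload)
        if pkt.final:  # complete stream: the transaction succeeds
            self.committed.append(b"".join(self.buffer))
            self.buffer.clear()

    def abort(self) -> None:
        # Premature close: discard everything received for this stream.
        self.buffer.clear()
        self.errors += 1

def relay_stream(packets: Iterable[Packet], receiver: Receiver,
                 policy_engine: Callable[[bytes], str]) -> str:
    """Forward all but the final packet, then gate it on the policy verdict."""
    decoded = bytearray()
    for pkt in packets:
        decoded += pkt.payload
        if not pkt.final:
            receiver.deliver(pkt)  # forwarded immediately
            continue
        verdict = policy_engine(bytes(decoded))  # final packet is retained here
        if verdict == "allow":
            receiver.deliver(pkt)  # release: receiver completes the transaction
        else:
            receiver.abort()       # close stream: receiver discards the content
        return verdict
    receiver.abort()  # assumption: a stream with no final packet fails closed
    return "block"

def sample_policy(data: bytes) -> str:
    # Constructed rule for the demo only.
    return "block" if b"CONFIDENTIAL" in data else "allow"
```

Because the policy engine sees the whole decoded stream, a match that spans two packets is still caught, and the receiver never commits the content because the final packet is never released.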