
Skyhigh Security

Fine-tune Malware Blocking after Additional Scanning

Set advanced options for the feature that handles malware blocking when this process uses additional scanning functions.

The Anti-Malware for ATD feature is associated with the Advanced Threat Defense rule set, which handles malware blocking using the additional functions provided by Advanced Threat Defense.

  1. On the user interface, select Policy > Web Policy > Feature Configuration.
  2. From the Feature Config list, select Anti-Malware for ATD > Gateway ATD.
  3. From the Actions drop-down list, select Clone and Edit.
  4. Provide a name for the feature configuration and an optional comment.
  5. Configure these settings. When selected, the following functions are used in the malware blocking process:
    • Reuse previous detection within — The result of the previous scan is reused if generated within the specified number of minutes.
    • Do not start separate analysis process on ATD — An active process is used to evaluate a file that is the same as the file being scanned.
    • Send Client IP and URL to ATD — The IP address or URL of the client making the web request is sent to Advanced Threat Defense.
  6. Using the slider, select a value in the 0–5 range for the Severity Threshold to indicate a malicious file. When Advanced Threat Defense scans a file and returns a value greater than or equal to the threshold, the file is classified as malicious.
  7. Specify the User name and Password to connect and authenticate to Advanced Threat Defense.
  8. To configure a list of the servers hosting Gateway ATD, click Add Service for each server. Provide values for these settings, then click Save.
    • Type — Select http or https from the drop-down list.
    • Hostname/IP — Specify the host name or IP address of the server.
    • Port — Specify the port number of the server.
  9. To configure a list of trusted server certificates, click Add Certificate to upload them. Optionally configure the following fields, then click Save.
    • Certificate revocation list URI — Specifies the Uniform Resource Identifier (URI) of the certificate revocation list (CRL) that is checked to verify the validity of the CA certificate.
    • OCSP responder URI — Specifies the URI where the revocation status of a particular CA certificate is requested.
    • Trusted — When selected, the certificate is trusted.
  10. Click Save.
    The named Anti-Malware for ATD configuration is saved.

You can publish saved changes to the cloud or keep working and publish later.
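
Before publishing, the values entered in steps 5 to 9 can be reviewed with a short script. This is an added example, not Skyhigh code: the dictionary layout and field names are hypothetical stand-ins for the settings above, the sample values are constructed, and the warnings are review heuristics rather than product behavior.

```python
# Added example. Field names are hypothetical, not a Skyhigh export format.
def audit_atd_config(cfg):
    """Return (level, message) findings for one Anti-Malware for ATD configuration."""
    findings = []
    threshold = cfg.get("severity_threshold")
    if not isinstance(threshold, int) or not 0 <= threshold <= 5:
        findings.append(("error", f"severity threshold {threshold!r} is outside the 0-5 slider range"))
    services = cfg.get("services", [])
    if not services:
        findings.append(("error", "no Gateway ATD service is configured"))
    for svc in services:
        name = f"{svc['type']}://{svc['host']}:{svc['port']}"
        if not 1 <= svc["port"] <= 65535:
            findings.append(("error", f"{name}: port is not a valid TCP port"))
        if svc["type"] == "http":
            # Step 7 credentials are used to authenticate to this server.
            findings.append(("warn", f"{name}: plain http gives the ATD login no transport encryption"))
    trusted = [c for c in cfg.get("certificates", []) if c.get("trusted")]
    if any(s["type"] == "https" for s in services) and not trusted:
        findings.append(("warn", "https service configured but no certificate is marked Trusted"))
    for cert in trusted:
        if not cert.get("crl_uri") and not cert.get("ocsp_uri"):
            findings.append(("info", f"{cert['name']}: no CRL or OCSP URI, revocation status cannot be checked"))
    if cfg.get("send_client_ip_and_url"):
        findings.append(("info", "client IP and URL are shared with Advanced Threat Defense"))
    return findings

# Constructed sample: documentation-range address and a reserved test domain.
SAMPLE = {
    "severity_threshold": 3,
    "send_client_ip_and_url": True,
    "services": [
        {"type": "http", "host": "192.0.2.10", "port": 80},
        {"type": "https", "host": "atd.example.test", "port": 443},
    ],
    "certificates": [{"name": "atd-ca", "trusted": True}],
}

if __name__ == "__main__":
    for level, message in audit_atd_config(SAMPLE):
        print(f"[{level}] {message}")
```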
