Fine-tune Malware Blocking after Additional Scanning
Set advanced options for the feature that handles malware blocking when this process uses additional scanning functions.
The Anti-Malware for ATD feature is associated with the Advanced Threat Defense rule set, which handles malware blocking using the additional functions provided by Advanced Threat Defense.
- On the user interface, select Policy > Web Policy > Feature Configuration.
- From the Feature Config list, select Anti-Malware for ATD > Gateway ATD.
- From the Actions drop-down list, select Clone and Edit.
- Provide a name for the feature configuration and an optional comment.
- Configure these settings. When selected, the following functions are used in the malware blocking process:
  - Reuse previous detection within — The result of the previous scan is reused if it was generated within the specified number of minutes.
  - Do not start separate analysis process on ATD — If an analysis process is already active for a file that is the same as the file being scanned, that process is used to evaluate it.
  - Send Client IP and URL to ATD — The IP address or URL of the client making the web request is sent to Advanced Threat Defense.
- Using the slider, select a value in the 0–5 range for the Severity Threshold to indicate a malicious file. When Advanced Threat Defense scans a file and returns a value greater than or equal to the threshold, the file is classified as malicious.
- Specify the User name and Password to connect and authenticate to Advanced Threat Defense.
- To configure a list of the servers hosting Gateway ATD, click Add Service for each server. Provide values for these settings, then click Save.
  - Type — Select http or https from the drop-down list.
  - Hostname/IP — Specify the host name or IP address of the server.
  - Port — Specify the port number of the server.
- To configure a list of trusted server certificates, click Add Certificate to upload them. Optionally configure the following fields, then click Save.
  - Certificate revocation list URI — Specifies the Uniform Resource Identifier (URI) where the certificate revocation list (CRL) is checked and the validity of the CA certificate is verified.
  - OCSP responder URI — Specifies the URI where the revocation status of a particular CA certificate is requested.
  - Trusted — When selected, the certificate is trusted.
- Click Save.
The named Anti-Malware for ATD configuration is saved.
You can publish saved changes to the cloud or keep working and publish later.