Web Gateway uses the functions of Advanced Threat Defense for scanning a web object after the object has been scanned by the anti-malware engines on Web Gateway.
The Advanced Threat Defense library rule set uses this probability in its criteria. The default value that must be reached for the criteria to match is 60. This means that only if scanning a web object on Web Gateway results in a malware probability of 60 percent or more, is it passed on to Advanced Threat Defense.
When configuring the use of Advanced Threat Defense, you can increase or lower this value and, consequently, let this product support Web Gateway more or less frequently.
It is therefore important that, on the rule sets tree, the rule set for Advanced Threat Defense is placed behind the rule set for the normal anti-malware functions on Web Gateway, which is usually the Gateway Anti-Malware default rule set.
The Anti-Malware module (or engine) runs with two different settings, when Web Gateway and Advanced Threat Defense work together: one for the Web Gateway part and one for the part of the supporting product. The default names of the two settings are Gateway Anti-Malware and Gateway ATD.
One important point in which the settings differ from each other is that the Gateway ATD settings have the option for using Advanced Threat Defense selected, whereas this option is deselected in the other settings.