Skip to main content
McAfee Enterprise MVISION Cloud

Workflows to Use Advanced Threat Defense

Different workflows can be configured when Advanced Threat Defense is used to perform an additional scanning of web objects.

Forwarding a web object depending on the additional scanning

The following diagram shows the workflow that forwards a web object to a user depending on the scanning result of Advanced Threat Defense.

Figure 18-1 Web object is forwarded depending on additional scanning result.jpg

  1. A user sends a request to access a web object, for example, a file, from a system within your network that is a client of Secure Web Gateway.
  2. If the request passes filtering according to the configured rules, Secure Web Gateway forwards it to the appropriate web server.
    A progress page is sent to the client, telling the user to wait while the request is processed.
  3. The web server sends the object to Secure Web Gateway.
  4. If the criteria for using Advanced Threat Defense are met, Secure Web Gateway passes the object on for scanning.
    To retrieve information on the scanning progress, Secure Web Gateway queries Advanced Threat Defense in regular intervals.
  5. When Advanced Threat Defense has completed the scanning, it lets Secure Web Gateway know whether the object is malicious or not.
  6. Depending on this information, Secure Web Gateway allows the user to access the requested object or sends a  block page, which states that access is blocked and gives a reason for the blocking.
  • Was this article helpful?