A default process for anti-malware filtering is implemented on Secure Web Gateway after the initial setup. This process requires no administration, but you can configure it to meet the requirements of your organization.
1. Configure the settings of the Anti-Malware module.
   a. Select Policy | Settings. On the Engines branch of the settings tree, expand the Anti-Malware settings and click an instance of these settings that is currently in use, for example, the Gateway Anti-Malware settings. These settings are in use by default after the initial setup.
      If you are not sure which settings are in use, go to the complete rules view, as explained in substep 2c. Review the anti-malware filtering rules and find the settings you want to configure. In this view, you can access settings by clicking their name within a given rule.
   b. Modify these settings as needed. For example:
      - Include the Avira scanning engine, which is not included by default, in the scanning process for web objects or exclude default engines.
        For more information about how to include or exclude scanning engines, see Configure the Scanning Engines.
      - Shift the focus in analyzing mobile code behavior from accuracy to proactivity to achieve more accurate scanning results. Shift it in reverse direction to block more suspicious web objects proactively, even if some of this code might actually not be malicious.
      - Modify advanced settings, for example, settings for running a prescan on web objects to reduce workload for the scanning engines.
      For more information about these settings, see Module settings. This information is currently provided in PDF format. Under Contents on the first page of the PDF file, click Anti-Malware settings to view them.
   c. Create your own instance of the Anti-Malware settings if needed and use it for anti-malware filtering. You can also create several instances of your own, for example, to use them in different filtering rules.
2. Configure the Gateway Anti-Malware rule set.
   a. Select Policy | Rule Sets and on the rule set tree, click Gateway Anti-Malware.
   b. Modify the rule set options as needed. For example:
      - Allow web objects to bypass anti-malware filtering.
        You can allow bypassing based on the user-agent information that is sent in the headers of requests for web access, or on the hosts to which access is requested, by entering the user-agent information or the URLs of these hosts in whitelists.
        You can also allow bypassing for web objects exceeding a size that you configure.
      - You can also access the Anti-Malware settings here and configure them as described under substep 1b.
   c. To complete more complex anti-malware filtering tasks, go to the complete rules view. This view allows you to configure more rule elements, as well as to modify, move, and delete rules, insert rules from other rule sets, and create rules of your own.
      You can also create your own rule set for anti-malware filtering and use it together with the default rule set or delete this rule set.
   For more information about this rule set, see Rule sets. This information is currently provided in PDF format. Under Contents on the second page of the PDF file, click Gateway Anti-Malware rule set to view it. For the options mentioned in substep b, see the Key elements for anti-malware filtering section. For substep c, see Complete rules of the Gateway Anti-Malware rule set.
3. Extend the anti-malware filtering process as needed by using options that are not part of the Anti-Malware settings or the Gateway Anti-Malware rule set.
   You can, for example, retrieve URL filtering and TIE server information for the anti-malware filtering process or add Advanced Threat Defense (ATD) scanning to this process.
   For more information, see Extending the Anti-malware Filtering Process.
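
The bypass options in substep 2b (user-agent whitelist, host whitelist, size limit) decide which web objects are never scanned, so it helps to measure what they let through before enabling them. The following is an added example, not product code or rule syntax: the whitelist values, size limit, exact-match comparison, and request records are all constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed stand-ins for the three bypass options in substep 2b.
UA_WHITELIST = {"ExampleUpdater/1.0"}
HOST_WHITELIST = {"updates.example.com"}
MAX_SCAN_SIZE = 50 * 1024 * 1024  # bytes; larger objects bypass scanning

@dataclass
class Request:
    url: str
    user_agent: str
    size: int

def bypass_reasons(req):
    """Return the bypass criteria a request matches (empty list = scanned)."""
    reasons = []
    # Compare the parsed hostname exactly, so a whitelisted name that only
    # appears as a prefix or substring of another host does not match.
    host = (urlsplit(req.url).hostname or "").lower()
    if req.user_agent in UA_WHITELIST:
        reasons.append("user-agent")
    if host in HOST_WHITELIST:
        reasons.append("host")
    if req.size > MAX_SCAN_SIZE:
        reasons.append("size")
    return reasons

def audit(requests):
    """Count scanned vs. bypassed requests and list bypasses needing review."""
    report = {"scanned": 0, "bypassed": 0, "review": []}
    for req in requests:
        reasons = bypass_reasons(req)
        if not reasons:
            report["scanned"] += 1
            continue
        report["bypassed"] += 1
        # The User-Agent header is supplied by the client and size says nothing
        # about origin, so a bypass without a whitelisted host gets reviewed.
        if "host" not in reasons:
            report["review"].append((req.url, reasons))
    return report

SAMPLE = [  # constructed request records
    Request("https://updates.example.com/pkg.bin", "ExampleUpdater/1.0", 1000),
    Request("https://files.other.test/a.exe", "ExampleUpdater/1.0", 2000),
    Request("https://files.other.test/big.iso", "Mozilla/5.0", 60 * 1024 * 1024),
    Request("https://updates.example.com.other.test/x", "Mozilla/5.0", 500),
    Request("https://www.other.test/", "Mozilla/5.0", 100),
]
```

Calling `audit(SAMPLE)` returns the scanned and bypassed counts plus the entries that skipped scanning without matching a whitelisted host.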