Skip to main content
McAfee Enterprise MVISION Cloud

Configure the Scanning Engines

Several scanning engines are available for scanning web objects, depending on what licenses you have purchased. You can configure their use if you do not want to use them in the default way.

  1. Select Policy | Rule Sets.
  2. Access an instance of the Anti-Malware settings.
    1. Select Policy | Settings.
    2. On the settings tree, navigate to the Anti-Malware settings and select one of the settings instances that are available, for example, the Gateway Anti-Malware settings.

NOTE: You can also access an instance of the Anti-Malware settings from within a suitable rule or from the key elements view of the Gateway Anti-Malware default rule set.

  1. Under Select Scanning Engines and Behavior, select one of the following options for using scanning engines in different combinations:

    At the end, make a choice on whether scanning will continue or not after one of the scanning engines has detected a virus or other malware.
Option Definition

Full Skyhigh Security coverage: The recommended high-performance configuration

When selected, the Skyhigh Security Gateway Anti-Malware engine and the Skyhigh Security Anti-Malware engine are active.

Web objects are then scanned using:

Proactive methods + Virus signatures

If you are running Secure Web Gateway with a license for Skyhigh Security Gateway Anti-Malware in addition to the one for Secure Web Gateway itself, this option is selected by default.

Layered coverage: Full Skyhigh Security coverage plus specific Avira engine features — minor performance impact

When selected, the Skyhigh Security Gateway Anti-Malware engine, the Skyhigh Security Anti-Malware engine, and, for some web objects, also the third-party Avira engine are active.

Web objects are then scanned using:

Proactive methods + Virus signatures + Third-party engine functions for some web objects

Duplicate coverage: Full Skyhigh Security coverage and Avira engine — less performance and more false positives

When selected, the Skyhigh Security Gateway Anti-Malware engine, the Skyhigh Security Anti-Malware engine, and the third-party Avira engine are active.

Web objects are then scanned using:

Proactive methods + Virus signatures + Third-party engine functions

Skyhigh Security​​​​​​​ Anti-Malware without mobile code scanning and emulation

When selected, only the Skyhigh Security Anti-Malware engine is active.

Web objects are then scanned using:

Virus signatures

This is the option that you must select when running Secure Web Gateway with a license for Secure Web Gateway only, but without a license for Skyhigh Security Gateway Anti-Malware.

The Skyhigh Security Gateway Anti-Malware license includes a license for Avira.

Avira only: Only uses Avira engine — not recommended

When selected, only the Avira engine is active.

Web objects are then scanned using:

Third-party engine functions

Skyhigh Security Advanced Threat Defense only: Send files to an MATD appliance for deep analysis through sandboxing

When selected, only scanning by Advanced Threat Defense is active.

Stop virus scanning right after an engine detected a virus

When selected, all engines stop scanning a web object as soon as one of them has detected an infection by a virus or other malware.

  1. Click OK to close the window.

If you select the Avira only option, we recommend renaming these settings to indicate that a key value has changed.

You might, for example, change the settings name from Gateway Anti-Malware to Avira Anti-Malware.

Instead of renaming the settings, you might also create additional settings to have different settings options available for configuring rules.

  • Was this article helpful?