Skip to main content
McAfee Enterprise MVISION Cloud

Extend Anti-malware Filtering

You can extend the default process for anti-malware filtering in several ways.

To include more data in the process, which improves the accuracy of its results, the following can be done.

  • Using URL information — URL information can be used in the anti-malware filtering process. This information includes URL categories and reputation scores.
  • Connecting to a TIE server — Information retrieved from a TIE server can be used in the anti-malware filtering process. The TIE server is in turn notified of critical filtering results found by anti-malware filtering on Secure Web Gateway.
  • Integrating Advanced Threat Defense — After having been scanned on Secure Web Gateway, web objects can additionally be scanned by Advanced Threat Defense.

Other measures for extending the process can be taken to ensure a smooth workflow.

  • Using the anti-malware queue — To avoid overloading of the anti-malware filtering process, user requests for access to web objects can be moved to a queue before being processed.
  • Scanning media streams chunk-by-chunk — The scanning of media streams, which is done for anti-malware filtering purposes, can be performed chunk-by-chunk instead of in a single long-lasting process. This improves user experience by reducing waiting time.

Extending the process can also be a means to prevent potential issues from occurring.

  • Dealing with a missing ICAP host header — When messages received in ICAP communication on Secure Web Gateway fail to provide a host header, processing issues can occur. There are several ways to solve these issues.
  • Was this article helpful?