You can extend the default process for anti-malware filtering in several ways.
To improve the accuracy of the filtering results, you can include more data in the process in the following ways.
- Using URL information — URL information can be used in the anti-malware filtering process. This information includes URL categories and reputation scores.
- Connecting to a TIE server — Information retrieved from a TIE server can be used in the anti-malware filtering process. The TIE server is in turn notified of critical filtering results found by anti-malware filtering on Secure Web Gateway.
- Integrating Advanced Threat Defense — After having been scanned on Secure Web Gateway, web objects can additionally be scanned by Advanced Threat Defense.
Other measures for extending the process can be taken to ensure a smooth workflow.
- Using the anti-malware queue — To avoid overloading the anti-malware filtering process, user requests for access to web objects can be moved to a queue before being processed.
- Scanning media streams chunk-by-chunk — The scanning of media streams, which is done for anti-malware filtering purposes, can be performed chunk-by-chunk instead of in a single long-lasting process. This improves user experience by reducing waiting time.
Extending the process can also be a means to prevent potential issues from occurring.
- Dealing with a missing ICAP host header — When messages received in ICAP communication on Secure Web Gateway fail to provide a host header, processing issues can occur. There are several ways to solve these issues.