Extending the Anti-malware Filtering Process
You can extend the default process for anti-malware filtering in several ways.
To include more data in the process, which improves the accuracy of its results, the following can be done.
Using URL information — URL information can be used in the anti-malware filtering process. This information includes URL categories and reputation scores. For more information, see Using URL Information for Anti-malware filtering.
Connecting to a TIE server — Information retrieved from a TIE server can be used in the anti-malware filtering process. The TIE server is in turn notified of critical filtering results found by anti-malware filtering on Web Gateway. For more information, see Integrating TIE Server Information with Anti-malware Filtering and Configure the Integration of TIE Server Information with Anti-malware Filtering.
Integrating Advanced Threat Defense — After having been scanned on Web Gateway, web objects can additionally be scanned by Advanced Threat Defense, see About Advanced Threat Defense.
Other measures for extending the process can be taken to ensure a smooth workflow.
Using the anti-malware queue — To avoid overloading of the anti-malware filtering process, user requests for access to web objects can be moved to a queue before being processed, see Anti-malware Queue.
Scanning media streams chunk-by-chunk — The scanning of media streams, which is done for anti-malware filtering purposes, can be performed chunk-by-chunk instead of in a single long-lasting process. This improves user experience by reducing waiting time. For more information, see Media Stream Scanning.
Extending the process can also be a means to prevent potential issues.
Dealing with a missing ICAP host header — When messages received in ICAP communication on Web Gateway fail to provide a host header, processing issues can occur. There are several ways to solve these issues. For more information, see Dealing with a Missing Host Header and Configure Reduced Use of the Gateway Anti-Malware Engine.