Skyhigh Security

Malware Detection

Malware is distributed through various file formats. Skyhigh Security uses the Gateway Anti-Malware (GAM) engine, which includes Anti-Virus and the GTI reputation service, to identify malicious content in web objects such as web pages and executable files. The GAM malware detection engine and the Secure Web Gateway Opener support all common file types associated with malware.

GAM detects infected or malicious content during the malware scanning process. Whenever Secure Web Gateway detects malicious content, Secure Web Gateway and GTI collect the telemetry data and transmit it to the GTI servers for advanced malware telemetry.

NOTE: By default, the Skyhigh Security Cloud platform scans all types of files for malware. You can also scan specific file formats based on MIME type and file extensions. 

Data Collection for Malware Detection

Secure Web Gateway collects the following types of data during the malware detection process to identify potential threats and to improve malware detection and analysis.

| Data Type | Description |
|---|---|
| Product Name | Name of the security tool/product used for malware detection. For example, Secure Web Gateway. |
| Version Number | Version number of the security tool/product used for malware detection. For example, 7.5.0. |
| Timestamp | Date and time of malware detection. |
| HTTP Method | The HTTP method used to request the URL. |
| URL (User-Submitted) | URL submitted by the user, excluding username and password (if applicable), and URL parameters. |
| Occurrence Count | Frequency of malicious content detection. |
| Malware Name | Name or identifier of the detected malware. |
| Content Type | Type of content associated with the detected malware. |
| Content Hash | Hash value of the detected content. |
| Content Length | Size or length of the detected content. |
| HTTP Referrer Header | URL of the webpage from which a user navigated to the malware-infected webpage. |
| HTTP User Agent Header | Information about the user's browser, device, and operating system. |
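As an added illustration (this is not Skyhigh Security's code), the following Python assembles a record with the fields above from a constructed detection event, applies the URL rule (username, password and URL parameters are stripped before anything is reported) and folds repeat detections of the same content into the occurrence count. The field names, the product version and the choice of SHA-256 for the content hash are assumptions; the page does not state which hash GAM reports.

```python
import hashlib
from datetime import datetime, timezone
from urllib.parse import urlsplit, urlunsplit

# Constructed sample detection event; the field names are this example's assumptions.
SAMPLE_EVENT = {
    "method": "GET",
    "url": "https://alice:s3cret@downloads.example.test/tools/setup.exe?token=abc123#top",
    "malware_name": "Constructed.Sample.Detection",
    "content_type": "application/x-msdownload",
    "content": b"MZ constructed sample bytes, not a real executable",
    "referrer": "https://portal.example.test/", "user_agent": "constructed-ua/1.0",
}

def sanitize_url(url: str) -> str:
    """Keep scheme, host, port and path; drop userinfo, query and fragment."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal: .hostname strips the brackets, so restore them
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, "", ""))

def build_telemetry_record(event: dict) -> dict:
    """Assemble the fields of the data collection table (SHA-256 is an assumption)."""
    return {
        "product_name": "Secure Web Gateway",
        "version_number": "7.5.0",
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "http_method": event["method"],
        "url": sanitize_url(event["url"]),  # credentials and parameters never leave
        "occurrence_count": 1,
        "malware_name": event["malware_name"],
        "content_type": event["content_type"],
        "content_hash": hashlib.sha256(event["content"]).hexdigest(),
        "content_length": len(event["content"]),
        "http_referrer": event.get("referrer"),
        "http_user_agent": event.get("user_agent"),
    }

def aggregate(events: list) -> list:
    """Fold repeated detections of identical content into one record with a count."""
    records: dict = {}
    for event in events:
        record = build_telemetry_record(event)
        kept = records.setdefault(record["content_hash"], record)
        if kept is not record:  # same content seen again: bump the count, not a new record
            kept["occurrence_count"] += 1
    return list(records.values())
```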

Supported File Formats for Malware Detection

Skyhigh Security supports various file formats for malware detection through its GAM, Anti-Virus, GTI, and SWG Opener components. Some of the file formats supported for malware detection are listed below.

| File Format | Supported Version(s) | Extension(s) |
|---|---|---|
| Windows PE (Portable Executable) files | 32-bit and 64-bit executable files | EXE, DLL, SYS, OCX, CTL, COM, and more |
| Microsoft Office | All versions of Office XML and OLE2 formats | Microsoft Word: DOC, DOT, DOTX, DOTM, DOCM; Microsoft Excel: XLS, XLT, XLAM, XLTM, XLSM, XLSB, XLTX, XLA; Microsoft PowerPoint: PPT, PPS, POT, PPSX, POTX, PPSM, PPTM |
| Adobe Files | N/A | PDF, SWF |
| 7Zip | 4.57 | 7Z |
| GZIP | 2 | GZ |
| Android Application Packages | N/A | APK |
| Tape Archive | N/A | TAR |
| WinZip | Through 10 | ZIP |
| ARJ | N/A | ARJ |
| Java Archive (Java, zip files) | N/A | JAR |
| JavaScript and Visual Basic Script (both standalone or within web pages/documents) | N/A | JS, VBS |
| Image Files | N/A | JPG, JPE, JPEG, JIF, JFIF, JFI, PNG, TIF, TIFF |
| 50+ File Formats | N/A | HTML, MSG, CMD, LINK, VBE, and more |
| Non-Windows File Formats | N/A | macOS executables: Mach-O, DMG, PKG; Linux executable: ELF |
| Azure Information Protection (AIP)-supported File Formats | N/A | VSDX, BMP, XLT, VSDM, VDW, JIF, VSTX, TXT, PUB, XPS, VSTM, TIFF, MPP, JFI, PPSX, VSSX, PPSM, DNG, VSSM, XML, PSD, XLSX, VSDM, VSD, MPT, XLTM, DWFX, OXPS, XLTX, JPE, JT, VSS, VST |

Disable Data Collection for Malware Detection

You can disable the collection of data for malware telemetry by configuring the feedback settings for your appliance in Secure Web Gateway.

To disable data collection for malware telemetry:

  1. Go to Configuration > Appliances, and select the appliance.
  2. Click Telemetry.
  3. Make sure that Send feedback to Skyhigh Security about potentially malicious web sites is not selected.
  4. Click Save Changes.