When a web object, for example a web page or executable file, is scanned by the Gateway Anti-Malware (GWAM) engine and found to be infected with malicious content, relevant data is collected and sent to the Skyhigh Security servers involved in the scanning.
The data is sent each time malicious content is detected.
Data collected for malware scanning
The following types of data are collected for malware scanning.
- Product name, for example, SWG
- Version number, for example, 7.5.0
- Time stamp
- HTTP method
- URL that was submitted by a user
This does not include user name and password (if contained in the URL), nor any URL parameters.
- Occurrence count, specifying how often the malicious content was detected
- Name of the malware
- Content type
- Content hash
- Content length
- HTTP Referer Header
- HTTP User Agent Header
Disable data collection for malware scanning
You can disable the collection of data about malware scanning by configuring the feedback settings on the user interface of Secure Web Gateway.
- Select Configuration > Appliances, then select the appliance you want to disable the collection of malware scanning data for.
- Click Telemetry.
- Deselect Send feedback to Skyhigh Security about potentially malicious web sites.
- Click Save Changes.