![]() |
![]() |
![]() |
![]() |
Content Gateway Analysis > Scanning options > Security threats: File analysis
|
![]() |
Advanced Detection applies techniques developed by Websense to discover known and emerging threats, including viruses, Trojan horses, worms, and other malicious content.
|
![]() |
Antivirus Scanning uses antivirus definition files to identify virus-infected files.
|
![]() |
ThreatScope™ Analysis sends files that fit a profile defined by Websense Security Labs to a cloud-hosted sandbox for activation and observation. If a file is found to be malicious, an email alert is sent to the Web Security alert recipient that contains a description of the threat, a link to a detailed ThreatScope report, and a link to an Investigative Report built from your log database.
|
![]() |
Rich Internet application scanning examines Flash files for malicious content.
|
![]() |
FTP file scanning examines inbound FTP files for malicious content.
|
1.
|
Select Off to disable file analysis.
|
2.
|
Select On (default) to enable file analysis on files from uncategorized sites and files from sites with elevated risk profiles, as identified by Websense Security Labs.
|
3.
|
Select Aggressive analysis to analyze inbound files from sites with elevated risk profiles and from sites with lower risk profiles. This option consumes additional system resources.
|
1.
|
Select Off to disable antivirus analysis.
|
2.
|
Select On (default) to enable antivirus analysis of files from uncategorized sites and files from sites with elevated risk profiles, as identified by Websense Security Labs.
|
3.
|
Select Aggressive analysis to apply antivirus analysis to inbound files from sites with elevated risk profiles and from sites with lower risk profiles. This option consumes additional system resources.
|
1.
|
Select Off (default) to disable ThreatScope analysis.
|
2.
|
Select On to send qualified executable files to the cloud-hosted sandbox for analysis.
|
3.
|
Select Submit additional documents to send additional supported file types to ThreatScope for analysis.
|
![]() |
Is not classified as "malicious" in the Websense Master Database
|
![]() |
Passes all Security Threats: File Analysis analytics
|
![]() |
Because the file was not detected as malicious, it was not blocked and has been delivered to the requester.
|
To receive ThreatScope email messages, which is the only mechanism used by ThreatScope to report malicious files, you must enable and configure email alerts.
Go to Settings > Alerts > Enable Alerts, select Enable email alerts and specify an Administrator email address. Also confirm that your SMTP settings are correct.
|
The User-Agent is ssbc.
Filter.config rules are configured, by default, in Content Gateway. If Content Gateway is in a proxy chain or behind a firewall, those devices may have to be configured to meet the requirements described above.
|
2.
|
The URL is not categorized as "malicious" and Security Threats: File Analysis does not find the file to be malicious.
|
8.
|
Separately, ThreatScope updates the ThreatSeeker® Intelligence Cloud with information about the file, the source URL, and the command and control targets.
|
The Scan rich Internet applications and Scan FTP files options are available only when Advanced Detection is enabled. When the Advanced Detection file analysis feature is turned off, the rich Internet application scanning feature is disabled and the check box is cleared.
|
1.
|
To specify the types of files to analyze, click File Type Options. As a best practice, analyze all suspicious files, as identified by Websense Security Labs, and all executable and unrecognized files.
|
2.
|
To always analyze files having a specific extension, select Files with the following extensions, enter the extension in the entry field and click Add.
|
![]() |
![]() |
![]() |
![]() |
Content Gateway Analysis > Scanning options > Security threats: File analysis
|