![]() |
![]() |
![]() |
![]() |
Content Gateway Analysis > Configuring Content Gateway analysis > Configuring file analysis
|
![]() |
Advanced Detection applies techniques developed by Websense to discover known and emerging threats, including viruses, Trojan horses, worms, and other malicious content.
|
![]() |
Antivirus Scanning uses antivirus definition files to identify virus-infected files.
|
![]() |
File Sandboxing sends files that fit a profile defined by Websense Security Labs to a cloud-hosted sandbox for activation and observation. If a file is found to be malicious, an email alert is sent to the configured administrator that contains a description of the threat, a link to a detailed File Sandboxing report, and a link to an investigative report built from your Log Database.
|
![]() |
Rich Internet application scanning examines Flash files for malicious content.
|
![]() |
FTP file scanning examines inbound FTP files for malicious content.
|
1.
|
Select Off to disable file analysis.
|
2.
|
Select On (default) to enable file analysis on files from uncategorized sites and files from sites with elevated risk profiles, as identified by Websense Security Labs.
|
3.
|
Select Aggressive analysis to analyze inbound files from sites with elevated risk profiles and from sites with lower risk profiles. This option consumes additional system resources.
|
1.
|
Select Off to disable antivirus analysis.
|
2.
|
Select On (default) to enable antivirus analysis of files from uncategorized sites and files from sites with elevated risk profiles, as identified by Websense Security Labs.
|
3.
|
Select Aggressive analysis to apply antivirus analysis to inbound files from sites with elevated risk profiles and from sites with lower risk profiles. This option consumes additional system resources.
|
1.
|
Select Off (default) to disable File Sandboxing analysis.
|
2.
|
Select On to send qualified executable files to the cloud-hosted sandbox for analysis.
|
3.
|
Select Submit additional documents to send additional supported file types to File Sandboxing for analysis.
|
![]() |
Is not classified as "malicious" in the Websense Master Database
|
![]() |
Passes all Security Threats: File Analysis analytics
|
![]() |
Because the file was not detected as malicious, it was not blocked and has been delivered to the requester.
|
To receive File Sandboxing email messages, which is the only mechanism used to report files found to be malicious by sandbox analysis, you must enable and configure email alerts.
Go to Settings > Alerts > Enable Alerts, select Enable email alerts and specify an Administrator email address. Also confirm that your SMTP settings are correct.
|
The User-Agent is ssbc.
Filter.config rules are configured, by default, in Content Gateway. If Content Gateway is in a proxy chain or behind a firewall, those devices may have to be configured to meet the requirements described above.
|
2.
|
The URL is not categorized as "malicious" and Security Threats: File Analysis does not find the file to be malicious.
|
8.
|
Separately, File Sandboxing updates the ThreatSeeker® Intelligence Cloud with information about the file, the source URL, and the command and control targets.
|
The Scan rich Internet applications and Scan FTP files options are available only when Advanced Detection is enabled. When the Advanced Detection file analysis feature is turned off, these options are disabled and the check boxes are cleared.
|
1.
|
To specify the types of files to analyze, click File Type Options. As a best practice, analyze all suspicious files, as identified by Websense Security Labs, and all executable and unrecognized files.
|
2.
|
To always analyze files having a specific extension, select Files with the following extensions, enter the extension in the entry field and click Add.
|
![]() |
![]() |
![]() |
![]() |
Content Gateway Analysis > Configuring Content Gateway analysis > Configuring file analysis
|