Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Web Policies > Web Content & Security tab
Web Content & Security tab
 
Related topics:
Use the Web Content & Security tab of the Web > Policies page for a selected policy to configure advanced analysis options, including exceptions. This tab is available for Forcepoint Web Security Cloud only.
Advanced Classification Engine (ACE) analysis overview
ACE advanced analysis includes:
*
Real-Time Content Classification returns a category for URLs that have not already been blocked by the active policy, and:
*
*
Content classification adapts to rapidly-changing web content, including user-generated content, such as that found on social-networking sites.
Optionally, you can select Analyze links embedded in Web content as part of content classification to provide more accurate categorization of certain types of content. For example, a page that otherwise has little or no undesirable content, but that links to sites known to have undesirable content, can be more accurately categorized. Link analysis is particularly good at finding malicious links embedded in hidden parts of a page, and in detecting pages returned by image servers that link thumbnails to undesirable sites.
*
Real-Time Security Classification analyzes web pages in real time to discover security threats and malicious code in HTTP. You can enable advanced analysis for one of the following:
*
*
 
Note 
You must enable Real-Time Security Classification to use the options on the Application Controls tab. See Application Control tab.
*
Antivirus File Analysis - Inbound analyzes files using traditional antivirus (AV) definitions to find virus-infected files that users are attempting to download.
*
Advanced Detection File Analysis - Inbound analyzes files using advanced detection techniques to discover malicious content, such as viruses, Trojan horses, and worms, returning a threat category for policy enforcement.
You can configure the specific types of files to analyze under File Type Analysis Options. Note that executable file analysis is configured separately (see Configuring file analysis).
 
Note 
*
Rich Internet Application Analysis is applied to active content like Flash and Silverlight to detect and block malicious content.
There are also two ACE outbound traffic analysis options that are enabled by default and cannot be turned off. This ensures that viruses and other malicious content cannot be sent from your network.
*
Antivirus and Advanced Detection File Analysis - Outbound parallels the inbound file analysis applied by the Antivirus File Analysis and Advanced Detection File Analysis.
*
Bot and Spyware "phone home" Traffic Analysis detects phone-home communication attempts from malware in your network and ensures that they are categorized and blocked.
The cloud service must analyze and block outbound malicious traffic in order to protect itself from being perceived as a malicious actor. Some origin servers blacklist client IP addresses if they detect malicious communications or hack attempts. If malicious communications were permitted to go through cloud proxies, the proxies would be blacklisted. This could mean that a single infected client could cause all clients browsing via the same cluster to be blacklisted.
This traffic is also logged, so you can run a report to obtain a list of the infected computers in your network.
Configuring ACE analysis settings
On the Web Content & Security tab for the selected policy:
1.
To enable content security, select Real-Time Content Classification.
2.
Select Analyze links embedded in Web content to include embedded link analysis in content categorization. Requests that are blocked as a result of link analysis are logged and can be viewed in Analysis Activity reports.
3.
To enable security analysis, select Real-Time Security Classification.
*
Select Analyze content from sites with elevated risk profiles to enable file analysis on files from uncategorized sites and files from sites with elevated risk profiles, as identified by Security Labs.
*
Select Analyze content from sites with elevated risk profiles and from sites with lower risk profiles to analyze inbound files. This option is resource intensive.
4.
Select Antivirus File Analysis - Inbound to enable file analysis with antivirus definitions.
*
Select Analyze content from sites with elevated risk profiles to enable file analysis on files from uncategorized sites and files from sites with elevated risk profiles, as identified by Security Labs.
*
Select Analyze content from sites with elevated risk profiles and from sites with lower risk profiles to analyze inbound files. This option is resource intensive.
5.
Select Advanced Detection File Analysis - Inbound to enable advanced detection file analysis.
*
Select Analyze content from sites with elevated risk profiles to enable file analysis on files from uncategorized sites and files from sites with elevated risk profiles, as identified by Security Labs.
*
Select Analyze content from sites with elevated risk profiles and from sites with lower risk profiles to analyze inbound files. This option is resource intensive.
 
Note 
6.
Select Rich Internet Application analysis to analyze Flash, Silverlight, and similar files for malicious content.
7.
Click Save.
To manage which file types are analyzed, continue with Configuring file analysis.
To configure exceptions to advanced analysis, see Analysis exceptions.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Web Policies > Web Content & Security tab
Copyright 2020 Forcepoint. All rights reserved.