![]() |
![]() |
![]() |
![]() |
Content Gateway Analysis > Configuring Content Gateway analysis > Configuring file analysis
|
![]() |
Advanced Detection applies techniques developed to discover known and emerging threats, including viruses, Trojan horses, worms, and other malicious content.
|
![]() |
Antivirus Scanning uses antivirus definition files to identify virus-infected files.
|
![]() |
Rich Internet application scanning examines Flash files for malicious content.
|
![]() |
FTP file scanning examines inbound FTP files for malicious content.
|
1.
|
Select Off to disable file analysis.
|
2.
|
Select On (default) to enable file analysis on files from uncategorized sites and files from sites with elevated risk profiles, as identified by Security Labs.
|
3.
|
Select Aggressive analysis to analyze inbound files from sites with elevated risk profiles and from sites with lower risk profiles. This option consumes additional system resources.
|
1.
|
Select Off to disable antivirus analysis.
|
2.
|
Select On (default) to enable antivirus analysis of files from uncategorized sites and files from sites with elevated risk profiles, as identified by Security Labs.
|
3.
|
Select Aggressive analysis to apply antivirus analysis to inbound files from sites with elevated risk profiles and from sites with lower risk profiles. This option consumes additional system resources.
|
The Scan rich Internet applications and Scan FTP files options are available only when Advanced Detection is enabled. When the Advanced Detection file analysis feature is turned off, these options are disabled and the check boxes are cleared.
|
1.
|
To specify the types of files Content Gateway is to analyze, click File Type Options. As a best practice, analyze all suspicious files, as identified by Security Labs, and all executable and unrecognized files.
|
2.
|
To always analyze files having a specific extension, select Files with the following extensions, enter the extension in the entry field and click Add.
|
1.
|
Check the box next to Enable Advanced File Analysis.
|
2.
|
Open the File analysis platform drop-down.
|
3.
|
b.
|
To not send files having a specific extension, check Files with the following extensions, enter file extensions in the input box provided, and click Add. Multiple file extensions can be added in a comma separated list.
|
4.
|
If you have purchased a Threat Protection Appliance, you can select Threat Protection appliance from the drop-down.
|
a.
|
Enter the IP address of the Threat Protection Controller (prod1 [P] interface) in the Controller IP address entry field.
|
b.
|
Click Check Status to confirm that Threat Protection is installed at that IP address. This check does not ensure connection to Content Gateway.
|
5.
|
When you are done configuring Advance File Analysis options, click OK to cache your changes. Changes are not implemented until you click Save and Deploy.
|
![]() |
Is not classified as "malicious" in the Master Database.
|
![]() |
Passes all selected Security Threats: File Analysis analytics.
|
![]() |
Is a supported file type. Executable files are always supported. See this knowledge base article for a list of supported file types.
|
Because the file was not detected as malicious, it was not blocked and has been delivered to the requester.
|
To receive Advanced File Analysis alerts, which is the mechanism used to send information about files found to be malicious by analysis, you must enable and configure email or SNMP alerts.
Go to Settings > Alerts > Enable Alerts. Select Enable email alerts and specify an Administrator email address. Also confirm that your SMTP settings are correct. Select Enable SNMP alerts and provide information about your SNMP Trap system.
Then, enable Advanced File Analysis Alerts on the Settings > Alerts > Suspicious Activity Alerts page.
|
The User-Agent is ssbc.
Filter.config rules are configured, by default, in Content Gateway. If Content Gateway is in a proxy chain or behind a firewall, those devices may have to be configured to meet the requirements described above.
|
2.
|
The URL is not categorized as "malicious" and Security Threats: File Analysis does not find the file to be malicious.
|
a.
|
Access and evaluate the Advanced File Analysis report. See Advanced File Analysis report for information on using that report.
|
a.
|
File Sandboxing updates the ThreatSeeker® Intelligence Cloud with information about the file, the source URL, and the command and control targets.
|
To receive Advanced File Analysis alerts, which is the mechanism used to send information about files found to be malicious by analysis, you must enable and configure email or SNMP alerts.
|
![]() |
![]() |
![]() |
![]() |
Content Gateway Analysis > Configuring Content Gateway analysis > Configuring file analysis
|