Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Analysis > Configuring Content Gateway analysis > Content Gateway advanced analysis options
Content Gateway advanced analysis options
Administrator Help | Forcepoint Web Security | v8.5.x
Related topics:
Use these options to:
*
*
*
*
Content categorization and scanning sensitivity level
The algorithms used to perform content categorization and analysis are tuned by Forcepoint Security Labs to provide optimal results for most organizations. If the Optimized setting does not produce the results you expect, however, you can adjust the sensitivity level of the analytics.
The sensitivity levels affect how strictly real-time analysis applies its criteria to determine whether analyzed content contains a threat, or needs to be recategorized.
*
When more strict criteria are used, fewer sites are found to be threats, and fewer sites are recategorized in real time.
This may increase the number of false negatives, where risky sites are treated as safe.
*
When less strict criteria are used, more sites meet the criteria for threats or recategorization.
This may increase the number of false positives, where innocuous sites are treated as risky.
If you are receiving too many false positives, adjust the sensitivity level to the right (more strict). This means that a site will have to meet a higher threshold (match more criteria) to be considered malicious or require recategorization.
If you believe that sites that should have been blocked are being permitted, adjust the sensitivity level to the left (less strict). This means a site won't have to reach so high a threshold (match fewer criteria) to be considered malicious or require recategorization.
If you make an adjustment, click OK to cache your changes. Changes are not implemented until you click Save and Deploy.
Scanning timeout
Each content or file analysis consumes a variable amount of time that cannot be determined before analysis begins. By default, to ensure a good user experience, analysis is limited to 1.5 seconds (1500 milliseconds). To adjust the timeout, select Custom and enter a value within the range 500 - 10000 (milliseconds).
Scan size limit
The scan size limit is the threshold to which analysis is performed. Analysis stops when the threshold is reached. The default is 10 MB. To change the value, select Custom and enter a size in megabytes.
Content delay handling
Depending on the Content Gateway configuration and load conditions, very large files, streamed transactions, and slow origin servers can leave clients waiting for content.
The options in this section provide a tool for delivering a portion of buffered content to the client before analysis is performed. Analysis begins when all data is received or the scan size limit is exceeded.
Use Begin returning data to the client after to specify a time period after which a percentage of buffered data is released to the client. The default is 30 seconds. Select Custom to enter another value.
Use Specify how much data to return to the client to specify the percentage of buffered data to release to the client. The default is 80 percent. Select Custom to enter a different value, up to 90 percent.
Content stripping
Threats to your system can be hiding in active content sent via web pages. Active content is content that is embedded in the HTML page that performs actions, such as running an animation or a program.
The content stripping options make it possible to specify that content in particular scripting languages (ActiveX, JavaScript, or VB Script) be stripped from incoming web pages. If content stripping is enabled, all content in the specified scripting languages is removed from sites flagged as containing dynamic content or appearing on the Always Scan list (see Configuring Content Gateway analysis).
Content is removed only after the advanced analysis options have categorized the site and Filtering Service has determined which policy applies.
 
Warning 
The user requesting a page with active content does not receive any notification that content has been removed.
Use the Settings > Scanning > Scanning Options > Advanced Options area to set content stripping options.
1.
In the Advanced Options > Content Stripping area, select the types of scripting languages to be removed from incoming web pages.
To disable content stripping for a selected language, clear the associated check box.
2.
When you are finished, click OK to cache your changes. Changes are not implemented until you click Save and Deploy.
 
Warning 
1) Open the Content Gateway manager and go to the Configure > Protocols > HTTP > Privacy tab.
2) In the Remove Headers > Remove Others field, add: Accept-Encoding
3) Click Apply and restart Content Gateway.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Analysis > Configuring Content Gateway analysis > Content Gateway advanced analysis options
Copyright 2018 Forcepoint. All rights reserved.