Anti-Malware Block-List

Administrators can create Anti-Malware Block-List to mark any file type as malware. By adding a Block-List rule for a file type, the Anti-Malware engine automatically marks all matching file types as containing malware.

Note:

For file types (PDF, EML, HTML) that support link identification, you can choose to block these files based on whether they contain links or not.

You can add Anti-Malware Block-List rule from any of these:

  1. From the Anti-Malware Block-List:
    1. Click Security Settings > Exceptions > Anti-Malware.
    2. In the drop-down from the top of the page, select the exception type as Block-List.
    3. Click Create Block-List.
    4. Enter the required File Type.
      Note:

      When you add multiple file types, each file type will be added as a separate exception.

    5. For the file types that support link identification (PDF, EML, and HTML), select one of these:
      • Block always (with or without links)

      • Block only if contains links

      • Block only if does not contain links

      Note:

      This option is available only for PDF, EML, and HTML file types.

    6. If required, enter a comment for the Block-List rule.

      Administrators can use the commented text to filter and find the Block-Lists with a specific text from their comments.

    7. Click OK.
  2. From the Entity Profile page:
    1. Open the required attachment profile from the Security Events.
    2. Under Security Stack, click Create Block-List for Anti-Malware.

      The detected file type displays automatically.

    3. If required, add the required file types.
      Note:

      When you add multiple file types, each file type will be added as a separate exception.

    4. For the file types that support link identification (PDF, EML, and HTML), select one of these:
      • Block always (with or without links)

      • Block only if contains links

      • Block only if does not contain links

      Note:

      This option is available only for PDF, EML, and HTML file types.

    5. If required, enter a comment for the Block-List rule.

      Administrators can use the commented text to filter and find the Block-Lists with a specific text from their comments.

    6. Click OK.