Anti-Virus
What can I do here?
Use this window to configure the Anti-Virus settings for the Threat Prevention profile.
Getting Here - Security Policies > Threat Prevention > Policy > Threat Tools > Profiles > Profile > Anti-Virus
Configuring Anti-Virus Settings
You can configure Threat Prevention to exclude files from inspection, such as internal emails and internal file transfers. These settings are based on the interface type (internal or external, as defined in SmartConsole) and traffic direction (incoming or outgoing).
Before you define the scope for Threat Prevention, you must make sure that your DMZ interfaces are configured correctly. To do this:
- In SmartConsole, click and double-click the Security Gateway.
The gateway window opens and shows the page.
- From the navigation tree, click and then double-click a DMZ interface.
- In the page of the window, click .
- In the window, click and .
- Click and close the gateway window.
Perform this procedure for each interface that goes to the DMZ.
You can configure the Anti-Virus profile to enable . The Anti-Virus engine unpacks archives and applies proactive heuristics. If you use this feature, it can have an impact on network performance.
Note - The MIME Nesting settings are the same for Anti-Virus and Threat Emulation.
To configure Anti-Virus settings for a Threat Prevention profile:
- In SmartConsole, select > .
- From the section, click .
The page opens.
- Right-click the profile, and click .
- From the navigation tree, click .
- Select the Anti-Virus options:
- - Select the UserCheck message that opens for a action.
- - Select the UserCheck message that opens for an action.
- In the section, select an interface type and traffic direction option:
- Select the applicable that Anti-Virus scans.
- Optional: Configure how Anti-Virus inspects SMTP traffic.
- Click .
The window opens.
- Configure the settings.
- - For emails that contain nested MIME content, set the maximum number of levels that the ThreatSpect engine scans in the email.
- - If there are more nested levels of MIME content than the configured amount, select to or the email file.
- Select :
- To configure the specific file type families:
- Click .
- In the window, for each file type, select the Anti-Virus action for the file type.
- Click to close the window.
- Click and close the Threat Prevention profile window.
- .
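To pick a MIME nesting limit that fits real mail flow, it helps to measure how deeply messages are actually nested. The script below is an added example, not Check Point code: it counts the top-level message as level 1 and each `multipart/*` or `message/rfc822` container as one more level, which is an assumption, since this page does not state how the ThreatSpect engine counts levels. The sample message and the function names are constructed for illustration.

```python
from email import message_from_bytes

# Constructed sample: a forwarded message (message/rfc822) that itself
# carries an attachment, wrapped in an outer multipart/mixed.
SAMPLE = b"""\
From: a@example.com
To: b@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

body
--outer
Content-Type: message/rfc822

Subject: forwarded
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="inner"

--inner
Content-Type: text/plain

forwarded body
--inner
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64

AAAA
--inner--
--outer--
"""

def deepest_path(raw: bytes) -> list:
    """Content types from the top-level message down to the deepest part."""
    best, stack = [], [(message_from_bytes(raw), [])]
    while stack:  # iterative walk, so hostile nesting cannot exhaust recursion
        part, parents = stack.pop()
        path = parents + [part.get_content_type()]
        if len(path) > len(best):
            best = path
        if part.is_multipart():  # true for multipart/* and message/rfc822
            stack.extend((child, path) for child in part.get_payload())
    return best

def exceeds_limit(raw: bytes, max_levels: int) -> bool:
    """True when the message nests deeper than the configured maximum."""
    return len(deepest_path(raw)) > max_levels
```

Running `deepest_path` over a sample of archived mail shows the depth distribution before a limit is enforced on the gateway.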
To enable Archive Scanning:
- Select
- Click .
- Set the amount in seconds to . The default is 30 seconds.
- Set to block or allow the file .
The default setting is .
- Click and close the Threat Prevention profile window.
- .
Blocking Viruses
To block viruses and malware in your organization:
- In SmartConsole, click and double-click the Security Gateway.
- In the page, select the Software Blade.
The window opens.
- Select and click .
- Close the gateway Properties window and publish the changes.
- Click >> >.
- Click .
A new rule is added to the Threat Prevention policy. The Software Blade applies the first rule that matches the traffic.
- Make a rule that includes these components:
- - Give the rule a name such as .
- The list of network objects you want to protect. In this example, the network object is used.
- The Profile that contains the protection settings you want. The default profile is .
- The type of log you want to get when detecting malware on this scope. In this example, keep and also select to capture the packets of malicious activity. You will then be able to view the actual packets in .
- - Keep it as or choose specified gateways to install the rule on.
- Install the Threat Prevention policy.