UserCheck Custom Frequency

What can I do here?

Use this window to set the number of times that users get UserCheck messages for accessing applications that are not permitted by the policy.

Getting Here - Security Policies > Threat Prevention > Policy > Threat Tools > Profiles > Profile > Anti-Bot / Anti-Virus > UserCheck Settings > Show: Custom Frequency > Configure

Configuring Anti-Virus Settings

You can configure Threat Prevention to exclude files from inspection, such as internal emails and internal file transfers. These settings are based on the interface type (internal or external, as defined in SmartConsole) and traffic direction (incoming or outgoing).

Before you define the scope for Threat Prevention, you must make sure that your DMZ interfaces are configured correctly.

Do this procedure for each interface that goes to the DMZ.

You can configure the Anti-Virus profile to enable archive scanning. The Anti-Virus engine unpacks archives and applies proactive heuristics. If you use this feature, it can have an impact on network performance.

Note - The MIME Nesting settings are the same for Anti-Virus and Threat Emulation.

Anti-Virus Settings of the Threat Prevention Profile

UserCheck Messages

Select the UserCheck Messages options:

• Prevent - Select the UserCheck message that opens for a Prevent action.
• Ask - Select the UserCheck message that opens for an Ask action.
• Show - Select the frequency the Ask message is shown.

Protected Scope

• Inspect incoming files from - Sends only incoming files from the specified interface type for inspection. Outgoing files are not inspected. Select an interface type from the list:
  • External - Inspect incoming files from external interfaces. Files from the DMZ and internal interfaces are not inspected.
  • External and DMZ - Inspect incoming files from external and DMZ interfaces. Files from internal interfaces are not inspected.
  • All - Inspect all incoming files from all interface types.
• Inspect incoming and outgoing files - Sends all incoming and outgoing files for inspection.

Protocol

Select the protocols that Anti-Virus scans:

• HTTP
• Mail - Click Configure to set the options.
• HTTPS

File Types

Select the File Types that Anti-Virus scans:

• Process file types known to contain malware.
• Process all file types.
• Process specific file type families - Click Configure to block or inspect specified file types.

Archives

Configure how the ThreatSpect engine unpacks and scans file archives. The Anti-Virus engine unpacks archives and applies proactive heuristics. If you use this feature, it can have an impact on network performance.