Skyhigh Security

Trellix IVX Cloud — Perform Additional Malware Filtering

You can block access to web objects, for example, domains or hosts, if these prove to be infected by viruses or other malware. For this purpose, the Anti-Malware rule set is implemented by default on Secure Web Gateway after the initial setup.

To perform even more malware filtering, you can import the Trellix IVX Cloud rule set from the library that is provided. After having been filtered according to the rules of the default rule set, requests for web access are then submitted to malware filtering with Trellix IVX Cloud.

This filtering is performed according to the rules of the imported rule set, which you can configure.

  1. On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.

  2. From the rule set library, import the Trellix IVX Cloud rule set.

    For more information about how to import a rule set, see Import a Rule Set from the Library or Import a Rule Set from the Library — Visual Story.

  3. After you have imported the rule set, select it on the policy tree in the navigation panel.

    The rule set appears with its rules in the configuration area on the right.

  4. In the line with the rule set name, configure when this rule set should apply.

    • Under Criteria, leave the default All Traffic, as you want the rules in this rule set to apply to all types of web traffic.

    • Next to Applies to, leave the default All, as you want the rules in this rule set to be processed in all cycles of web filtering on Secure Web Gateway.

  5. Click the settings icon to view the settings for this rule set or to configure them. The settings that are currently in use are shown as selected in a panel on the right.

    For this rule set, the settings for malware filtering and displaying download progress are used by default.

    To view or edit these settings, place your pointer over the line with a setting, for example, Trellix IVX Cloud, then click the View/Edit button that appears.

    The selected setting is shown with its options in a panel on the right. The Trellix IVX Cloud setting provides an option for configuring an API key. Before you add a rule set, make sure that the API key is entered correctly so that the feature works.

    Settings that are implemented by default can only be viewed, not edited.

    To modify the settings that are used for a rule set, create settings of your own and configure them as needed. Then select them from the settings list on the panel, where they are shown after you have created them. The rule set will then use your settings.

    Later on, you can still edit your settings whenever you want to.

  6. Configure the rules that are preset in this rule set as needed. They are shown under Preset Rules.

    • Under Trellix IVX Cloud, configure the rules that allow requests for web access to skip malware filtering with Trellix IVX Cloud or restrict it.

      • Enable or disable the rule for submitting a request to Trellix IVX Cloud based on the malware probability that has already been found for it using the Gateway Anti-Malware (GAM) scanning engine. 

        When the rule is enabled, a request is only submitted if this probability is higher than 60.

      • Configure the rules that allow requests for web access to skip additional malware filtering with Trellix IVX Cloud based on web objects that are related to a request, for example, user agents or domains.

        Enter these objects in the lists that are used by the rules. To access a list that is being used by a rule, click the blue rule name or click the three dots at the end of the line with the rule and select Edit List from the menu that appears.

        The list appears in a panel on the right.

        To add items to the list, click Actions. Then select, for example, Add New Items from the menu that appears and enter, for example, a regular expression as a new item in the list.

        Repeat this for more new items as needed, then click Save.

        If you click the three dots at the end of the line for a rule, you can also work with options for configuring the use of a different list or for creating your own list.
         

    • Under Media Type, configure the rules that allow requests for web access to skip malware filtering with Trellix IVX Cloud or enforce it based on media types.

      Enter these media types in the lists that are used by the rules. Work with the options for list handling as explained above for the rules under Trellix IVX Cloud.

    • Enable or disable the rule that requires processing to wait until the results provided by the malware scanning engines are available.

    • Configure the rule that blocks a request if a virus or other malware was found in the file or other web object to which access was requested. This rule is enabled by default. You cannot disable it.

      You can configure a setting for this rule to show a particular End User Notification Page in the user's browser when a request is blocked by this rule. Click the three dots at the end of the line and then Select Block Setting.

      A list of settings for different End User Notification Pages is shown in a panel on the right. Scroll down to view the setting that is configured by default. It is the Virus Found setting.

      You can keep the default setting or select a different one, for example, a setting that you have created on your own.

You have now configured the process that is performed on Secure Web Gateway for additional malware filtering with Trellix IVX Cloud.
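
The skip lists in step 6 exempt matching requests from additional malware filtering with Trellix IVX Cloud, so an entry that matches more than intended leaves that traffic without this filtering. The following Python sketch is an added example, not part of the product or the original page, for reviewing candidate regular-expression entries before entering them. The host names are constructed, and the matching semantics (unanchored, case-insensitive search with Python `re` syntax) are an assumption that may differ from how Secure Web Gateway evaluates its lists.

```python
import re

# Assumption: a skip-list entry is applied as an unanchored, case-insensitive
# search against the request's host name, using Python `re` syntax. Check the
# product documentation for the matching semantics your lists actually use.

# Constructed sample data (not from the product or the original page).
INTENDED = ["updates.vendor.example", "cdn.vendor.example"]
LOOKALIKES = [
    "vendor.example.files.test",   # intended name reused as a prefix
    "notvendor.example",           # intended name reused as a suffix
    "vendorxexample.test",         # unescaped "." matches any character
]


def audit_entry(pattern, intended=INTENDED, lookalikes=LOOKALIKES):
    """Return which intended hosts the entry misses and which look-alikes it lets skip."""
    rx = re.compile(pattern, re.IGNORECASE)
    return {
        "missed": [h for h in intended if not rx.search(h)],
        "overmatched": [h for h in lookalikes if rx.search(h)],
    }


def unsafe_entries(patterns):
    """Return the entries that would let at least one look-alike skip filtering."""
    return [p for p in patterns if audit_entry(p)["overmatched"]]


# Hypothetical candidate entries for a domain skip list.
CANDIDATES = [
    r"vendor.example",                      # unanchored, dot not escaped
    r"vendor\.example$",                    # anchored at the end only
    r"^([a-z0-9-]+\.)*vendor\.example$",    # anchored on both sides, label-aware
]

if __name__ == "__main__":
    for entry in CANDIDATES:
        print(entry, audit_entry(entry))
    print("entries to tighten:", unsafe_entries(CANDIDATES))
```

Only the third candidate covers the intended hosts without also exempting a look-alike; the first two are reported as entries to tighten.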
