Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Anti-Malware

When users attempt to access web objects that are infected by viruses and other malware, these attempts are blocked under Secure Web Gateway. The rules of the rule set for anti-malware filtering are implemented for this blocking. They prevent, for example, downloads of infected files.

To find out whether a web object is infected, it is scanned by a scanning engine such as the Gateway Anti-Malware (GAM) engine.

This rule set is enabled by default, but you can configure exceptions for web objects that you consider safe to access. Requests to access them are then allowed to skip anti-malware filtering, including the scanning by a scanning engine, which means resources are not consumed unnecessarily.

  1. On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.

  2. From the policy tree, select Threat Protection > Anti-Malware.

  3. Under These rules will apply to all traffic, leave the default scope, which applies the rules in this rule set to all web traffic, or click Edit and select criteria to limit this scope. You can limit the scope, for example, to depend on location or client IP addresses.

  4. Enable or disable the rules that are displayed here as needed to specify where not to apply anti-malware filtering. The rules allow you to specify the following:

    • User agents

      A user agent is a device that enables a user to interact with the web, for example, a web browser. In a request for web access, information about  the user agent is provided in the User-Agent header of the request.

    • Domains, hosts, and URLs

    • Transfer size

    • Private applications

      Private applications can only be included in the configuration if you have purchased a license for Skyhigh Private Access.

  5. To enter user agents, domains, private applications, and other web objects in lists for use in the rules, click the relevant rule or . . . (three dots) next to it. Then work with the options for list handling that are provided.

    Anti-malware filtering is skipped for a request if one of the items in the lists is involved in it, for example, if a request was sent using a particular user agent or access to a particular domain was requested.

    For the transfer size, click the rule and specify the amount of transferred data (in MB) that must not be exceeded when a request or a response to it from a web server are forwarded. If it is exceeded, anti-malware filtering is skipped.

The anti-malware filtering process now follows what you have configured for its rules.

You can further fine-tune this process by modifying the settings for the Anti-Malware for GAM feature. For example, you can change the combination of scanning engines that run in the process.

To access these settings, click the settings name next to Current Configuration on the right. 

  • Was this article helpful?