While a scanning run is being performed by Advanced Threat Defense, the results of this run can be used not only for processing the request that it was started for, but also for other requests to access the same web object.
To let the results of one scanning run be used for processing multiple requests, the requests must be received on Web Gateway while the scanning is still going on. Web Gateway calculates hash values internally to determine whether one web object is the same as another, and so whether the requests it receives are for the same object.
To use the results of one scanning run for multiple requests to access the same object, you need to enable an option within the Gateway ATD settings for the Anti-Malware module (or engine). The name of this option is Re-use running task if same sample is being analyzed.
There is no preconfigured rule set in the default rule set system or the rule set library for using the results of one scanning run when multiple requests for the same object are received. You can, however, create suitable rules and a rule set for them on your own.
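The reuse behavior described above can be modeled as follows. This is an added illustration, not Web Gateway code: the class and function names are hypothetical, SHA-256 stands in for the internal hash (which the documentation does not name), and the sample objects are constructed.

```python
import hashlib

class ScanTask:
    """One scanning run; several requests may be attached to it."""
    def __init__(self, digest):
        self.digest = digest
        self.waiters = []    # ids of requests waiting on this run
        self.verdict = None  # set when the run finishes

class ReuseRunningTask:
    """Model of 'Re-use running task if same sample is being analyzed'."""
    def __init__(self, reuse_enabled=True):
        self.reuse_enabled = reuse_enabled
        self.running = {}    # digest -> ScanTask still in progress
        self.runs_started = 0

    def request(self, request_id, body):
        # Assumption: SHA-256 over the object body identifies "the same object".
        digest = hashlib.sha256(body).hexdigest()
        task = self.running.get(digest) if self.reuse_enabled else None
        if task is None:
            # No run in progress for this object: start a new one.
            task = ScanTask(digest)
            self.runs_started += 1
            if self.reuse_enabled:
                self.running[digest] = task
        task.waiters.append(request_id)
        return task

    def finish(self, task, verdict):
        # The run is over, so later requests can no longer attach to it.
        task.verdict = verdict
        if self.running.get(task.digest) is task:
            del self.running[task.digest]
        return {rid: verdict for rid in task.waiters}

def demo():
    gw = ReuseRunningTask(reuse_enabled=True)
    sample = b"constructed sample object"
    t1 = gw.request("req-1", sample)
    t2 = gw.request("req-2", sample)    # received while the run is going on: reused
    gw.request("req-3", b"other")       # different hash: separate run
    served = gw.finish(t1, "malicious")
    t4 = gw.request("req-4", sample)    # received after the run ended: not attached
    return gw.runs_started, t1 is t2, served, t4 is t1

if __name__ == "__main__":
    print(demo())
```

In this model, a request that arrives after the run has finished starts a new run, because the option only covers requests received while scanning is still in progress.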