Configure the Scanning Engines
Several scanning engines are available for scanning web objects as part of the anti-malware filtering process, depending on what licenses you have purchased. You can configure their settings if you do not want to use them in the default way.
-
Access an instance of the Anti-Malware settings.
-
Select Policy | Settings.
-
On the settings tree, navigate to the Anti-Malware settings and select one of the settings instances that are available, for example, the Gateway Anti-Malware settings.
-
NOTE: You can also access an instance of the Anti-Malware settings from within a suitable rule or from the key elements view of the Gateway Anti-Malware default rule set.
2. Under Select Scanning Engines and Behavior, select one of the following options for using scanning engines in different combinations:
At the end, make a choice on whether scanning will continue or not after one of the scanning engines has detected a virus or other malware.
| Option | Definition |
|---|---|
|
Full Skyhigh Security coverage: The recommended high-performance configuration |
When selected, the Skyhigh Security Gateway Anti-Malware engine and the Skyhigh Security Anti-Malware engine are active. Web objects are then scanned using: Proactive methods + Virus signatures If you are running Secure Web Gateway with a license for Skyhigh Security Gateway Anti-Malware in addition to the one for Secure Web Gateway itself, this option is selected by default. |
|
Layered coverage: Full Skyhigh Security coverage plus specific Avira engine features — minor performance impact |
When selected, the Skyhigh Security Gateway Anti-Malware engine, the Skyhigh Security Anti-Malware engine, and, for some web objects, also the third-party Avira engine are active. Web objects are then scanned using: Proactive methods + Virus signatures + Third-party engine functions for some web objects |
|
Duplicate coverage: Full Skyhigh Security coverage and Avira engine — less performance and more false positives |
When selected, the Skyhigh Security Gateway Anti-Malware engine, the Skyhigh Security Anti-Malware engine, and the third-party Avira engine are active. Web objects are then scanned using: Proactive methods + Virus signatures + Third-party engine functions |
|
Skyhigh Security Anti-Malware without mobile code scanning and emulation |
When selected, only the Skyhigh Security Anti-Malware engine is active. Web objects are then scanned using: Virus signatures This is the option that you must select when running Secure Web Gateway with a license for Secure Web Gateway only, but without a license for Skyhigh Security Gateway Anti-Malware. The Skyhigh Security Gateway Anti-Malware license includes a license for Avira. |
|
Avira only: Only uses Avira engine — not recommended |
When selected, only the Avira engine is active. Web objects are then scanned using: Third-party engine functions |
|
Skyhigh Security Advanced Threat Defense only: Send files to an MATD appliance for deep analysis through sandboxing |
When selected, only scanning by Advanced Threat Defense is active. |
|
Stop virus scanning right after an engine detected a virus |
When selected, all engines stop scanning a web object as soon as one of them has detected an infection by a virus or other malware. |
3. Click OK to close the window.
If you select the Avira only option for scanning web objects, we recommend renaming these settings to indicate that a key value has changed.
You might, for example, change the settings name from Gateway Anti-Malware to Avira Anti-Malware. Instead of renaming the settings, you might also create the Avira Anti-Malware settings as an additional settings instance to have different settings instances with different names and values available for configuring rules.