Malware Detection
Malware is distributed in many file formats. Secure Web Gateway uses the Gateway Anti-Malware (GAM) engine, together with the Anti-Virus engine and the Global Threat Intelligence (GTI) reputation service, to identify malicious content in web objects such as web pages and executable files. GAM and the Secure Web Gateway Opener (the component that unpacks archives and container formats so that their contents can be scanned) support all common file types associated with malware.
When GAM detects infected or malicious content during scanning, Secure Web Gateway collects the telemetry data described below and transmits it to the GTI servers for advanced malware telemetry. This transmission happens automatically on every detection unless feedback is disabled (see Disable Data Collection for Malware Detection).
NOTE: By default, the Skyhigh Security Cloud platform scans all types of files for malware. You can also restrict scanning to specific file formats based on MIME type and file extension. Keep in mind that both the declared MIME type and the extension are supplied by the server or client and need not match the actual content, so scanning all file types is the safer setting.
Data Collection for Malware Detection
Secure Web Gateway collects the following types of data during the malware detection process to identify potential threats and enhance malware detection/analysis.
Data Type | Description |
---|---|
Product Name | Name of the security tool/product used for malware detection. For example, Secure Web Gateway. |
Version Number | Version number of the security tool/product used for malware detection. For example, 7.5.0. |
Timestamp | Date and time of malware detection. |
HTTP Method | The HTTP method used to request the URL. |
URL (User-Submitted) | URL requested by the user, with any embedded username and password and the query string (URL parameters) removed. |
Occurrence Count | Frequency of malicious content detection. |
Malware Name | Name or identifier of the detected malware. |
Content Type | Type of content associated with the detected malware. |
Content Hash | Hash value of the detected content. |
Content Length | Size or length of the detected content. |
HTTP Referer Header | URL of the webpage from which the user navigated to the page where the malware was detected (the header name is spelled Referer on the wire). |
HTTP User Agent Header | Information about the user's browser, device, and operating system. |
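The following is an added example, not Skyhigh Security code, showing how a telemetry record with the fields in the table above can be assembled from a detection event. It applies the redaction the table describes (URL without embedded credentials or query parameters) and folds repeated detections of the same object into an occurrence count. The product name and version are the example values from the table; the field names, the choice of SHA-256 for the content hash, the decision to redact the Referer the same way as the URL, and the sample detections are assumptions made for the illustration. The real record layout and transport are not documented on this page.

```python
"""Added example (not Skyhigh Security code): build a malware telemetry
record with the fields listed in the table above from a detection event.
Field names, hash algorithm and sample inputs are constructed here."""
import hashlib
from datetime import datetime, timezone
from urllib.parse import urlsplit, urlunsplit

PRODUCT_NAME = "Secure Web Gateway"  # example value from the table
VERSION_NUMBER = "7.5.0"             # example value from the table


def sanitize_url(url: str) -> str:
    """Keep scheme, host, port and path; drop userinfo, query and fragment."""
    p = urlsplit(url)
    host = p.hostname or ""
    if ":" in host:                      # bare IPv6 literal needs its brackets back
        host = f"[{host}]"
    if p.port is not None:
        host = f"{host}:{p.port}"
    return urlunsplit((p.scheme, host, p.path, "", ""))


class TelemetryCollector:
    """Aggregates detections keyed on (sanitized URL, content hash, malware name)."""

    def __init__(self):
        self._records = {}

    def record(self, *, method, url, content, content_type, malware_name,
               referer=None, user_agent=None, when=None):
        when = when or datetime.now(timezone.utc)
        clean_url = sanitize_url(url)
        digest = hashlib.sha256(content).hexdigest()   # hash choice is an assumption
        key = (clean_url, digest, malware_name)
        rec = self._records.get(key)
        if rec is None:
            rec = {
                "product_name": PRODUCT_NAME,
                "version_number": VERSION_NUMBER,
                "timestamp": when.isoformat(),
                "http_method": method,
                "url": clean_url,
                "occurrence_count": 0,
                "malware_name": malware_name,
                "content_type": content_type,
                "content_hash": digest,
                "content_length": len(content),
                # Referer is redacted the same way: it is also a user-visible URL
                "http_referer": sanitize_url(referer) if referer else None,
                "http_user_agent": user_agent,
            }
            self._records[key] = rec
        rec["occurrence_count"] += 1
        rec["timestamp"] = when.isoformat()   # time of the most recent detection
        return rec

    def records(self):
        return list(self._records.values())


# Constructed detection input: a fake PE header, not real malware.
SAMPLE_CONTENT = b"MZ\x90\x00" + b"constructed sample, not a real payload"
SAMPLE_URL = "https://alice:hunter2@dl.example.test:8443/files/setup.exe?sid=42&t=9#x"


def demo():
    """Same object fetched three times -> one record with occurrence_count 3."""
    c = TelemetryCollector()
    for _ in range(3):
        c.record(method="GET", url=SAMPLE_URL, content=SAMPLE_CONTENT,
                 content_type="application/x-msdownload",
                 malware_name="Example.Trojan.Constructed",   # constructed label
                 referer="https://portal.example.test/downloads?user=alice",
                 user_agent="Mozilla/5.0 (constructed)")
    return c.records()


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The point worth checking in your own pipeline is the redaction: the credentials in the URL and the query string in both the URL and the Referer must be gone from the record before it leaves the appliance.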
Supported File Formats for Malware Detection
Skyhigh Security supports a wide range of file formats for malware detection through its GAM, Anti-Virus, GTI, and Secure Web Gateway Opener components. Some of the supported file formats are listed below.
File Format | Supported Version(s) | Extension(s) |
---|---|---|
Windows PE (Portable Executable) files | 32-bit and 64-bit executable files | EXE, DLL, SYS, OCX, CTL, COM, and more |
Microsoft Office | All versions of Office XML and OLE2 formats | |
Adobe Files | N/A | PDF, SWF |
7Zip | 4.57 | 7Z |
GZIP | 2 | GZ |
Android Application Packages | N/A | APK |
Tape Archive | N/A | TAR |
WinZip | Through 10 | ZIP |
ARJ | N/A | ARJ |
Java Archive (Java, zip files) | N/A | JAR |
JavaScript and Visual Basic Script (standalone or embedded in web pages/documents) | N/A | JS, VBS |
Image Files | N/A | JPG, JPE, JPEG, JIF, JFIF, JFI, PNG, TIF, TIFF |
50+ File Formats | N/A | HTML, MSG, CMD, LINK, VBE, and more |
Non-Windows File Formats | N/A | |
Azure Information Protection (AIP)-supported File Formats | N/A | VSDX, BMP, XLT, VSDM, VDW, JIF, VSTX, TXT, PUB, XPS, VSTM, TIFF, MPP, JFI, PPSX, VSSX, PPSM, DNG, VSSM, XML, PSD, XLSX, VSD, MPT, XLTM, DWFX, OXPS, XLTX, JPE, JT, VSS, VST |
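The following is an added example, not Skyhigh Security code and not a description of how the GAM engine works internally. It identifies the real format of an object from its leading bytes for the container, executable, document and image formats in the table above, and compares that with what the file extension claims. This illustrates the caveat behind scoping scans by extension or MIME type: a PE renamed to .pdf, or a ZIP served as .jpg, still carries its real signature, and a content-based check catches it while an extension filter does not. The signatures are the publicly documented magic values; the ZIP sub-classification rules (APK, JAR, Office XML) are heuristics, and the sample blobs are constructed headers, not real files.

```python
"""Added example (not Skyhigh Security code): identify a file's real
format from its leading bytes and flag objects whose extension claims
something else.  Signatures are public magic values; samples are
constructed headers, not real files."""
import io
import zipfile

# (offset, magic bytes, format label) for formats in the table above.
SIGNATURES = [
    (0, b"MZ", "pe"),                                     # Windows PE (EXE/DLL/SYS/OCX/...)
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),      # legacy Office / MSG
    (0, b"%PDF", "pdf"),
    (0, b"FWS", "swf"), (0, b"CWS", "swf"), (0, b"ZWS", "swf"),
    (0, b"7z\xbc\xaf\x27\x1c", "7z"),
    (0, b"\x1f\x8b", "gzip"),
    (0, b"\x60\xea", "arj"),
    (257, b"ustar", "tar"),                               # ustar/POSIX header block
    (0, b"\xff\xd8\xff", "jpeg"),
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"II*\x00", "tiff"), (0, b"MM\x00*", "tiff"),
]

# What an extension claims, mapped onto the same labels.
EXTENSION_FORMAT = {
    "exe": "pe", "dll": "pe", "sys": "pe", "ocx": "pe", "com": "pe",
    "doc": "ole2", "xls": "ole2", "ppt": "ole2", "msg": "ole2",
    "docx": "office-xml", "xlsx": "office-xml", "pptx": "office-xml",
    "pdf": "pdf", "swf": "swf", "7z": "7z", "gz": "gzip", "arj": "arj",
    "tar": "tar", "zip": "zip", "apk": "apk", "jar": "jar",
    "jpg": "jpeg", "jpeg": "jpeg", "png": "png", "tif": "tiff", "tiff": "tiff",
}


def classify_zip(data: bytes) -> str:
    """ZIP containers: APK, JAR and Office XML all start with PK (heuristic)."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "zip-damaged"      # PK header but no usable central directory
    if "AndroidManifest.xml" in names:
        return "apk"
    if "META-INF/MANIFEST.MF" in names:
        return "jar"
    if "[Content_Types].xml" in names:
        return "office-xml"
    return "zip"


def sniff(data: bytes) -> str:
    """Return the format label implied by the content, or 'unknown'."""
    for offset, magic, fmt in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return fmt
    if data[:2] == b"PK":
        return classify_zip(data)
    return "unknown"


def audit(name: str, data: bytes) -> dict:
    """Compare the extension's claim with the sniffed format."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed = EXTENSION_FORMAT.get(ext, "unknown")
    actual = sniff(data)
    return {"name": name, "claimed": claimed, "actual": actual,
            "mismatch": claimed != actual}


def build_zip(members: dict) -> bytes:
    """Construct a small ZIP in memory (used for the samples below)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for member_name, body in members.items():
            z.writestr(member_name, body)
    return buf.getvalue()


# Constructed samples (headers only, not real files).
SAMPLES = {
    "update.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,            # PE renamed to .pdf
    "report.docx": build_zip({"[Content_Types].xml": b"<Types/>"}),
    "game.apk": build_zip({"AndroidManifest.xml": b""}),
    "photo.jpg": build_zip({"classes.dex": b""}),            # ZIP served as .jpg
}


def run():
    return [audit(n, d) for n, d in SAMPLES.items()]


if __name__ == "__main__":
    for r in run():
        print(r)
```

Two of the five constructed samples are flagged (the renamed PE and the ZIP behind a .jpg name); an extension-scoped policy that only scanned EXE and APK would have passed both through. A scanning engine also has to cope with the nested case the Opener exists for, such as a PE inside a ZIP inside a GZIP, which this sniffer does not descend into.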
Disable Data Collection for Malware Detection
You can disable the collection of data for malware telemetry by changing the feedback settings of the appliance in Secure Web Gateway. Detection itself is unaffected; only the transmission of detection details to the GTI servers stops.
To disable data collection for malware telemetry:
- Go to Configuration > Appliances, and select the appliance.
- Click Telemetry.
- Make sure that Send feedback to Skyhigh Security about potentially malicious web sites is not selected.
- Click Save Changes.