For Web policies, File Inspection uses Cisco's Advanced Malware Protection (AMP) as well as Umbrella's antivirus engines to scan for malicious files. Once inspections are complete, a file is either delivered or the connection is terminated and the user is served the IP of the block page.
Note: You must first enable File Inspection before you can enable Threat Grid Malware Analysis.
Once you have enabled File Inspection, to monitor and review Umbrella's inspection activities, use the Security Activity and Activity Search reports. For more information, see Review File Inspection Through Reports.
Before You Start — Install a Root Certificate
A root certificate must be installed on all machines. For more information, see Manage Certificates.
File Inspection can only be enabled through the policy wizard.
- Navigate to Policies > Management > Web Policies and click Add or expand an existing policy.
- Under What Would You Like to Do, select File Analysis.
- Navigate through the wizard to HTTPS HTTPS and enable HTTPS Inspection.
- Continue through the policy wizard to the File Analysis step and enable File Inspection.
Updated 7 months ago