For the Web policy, File Inspection is enabled through a ruleset. File Inspection uses Cisco's Advanced Malware Protection (AMP) as well as Umbrella's antivirus engines to scan for malicious files. Once inspection is complete, the file is either delivered, or the connection is terminated and the user is served the IP of the block page.
Note: You must first enable File Inspection before you can enable Threat Grid Malware Analysis.
Once you have enabled File Inspection, use the Security Activity and Activity Search reports to monitor and review Umbrella's inspection activities. For more information, see Review File Inspection Through Reports.
Before You Start — Install a Root Certificate
A root certificate must be installed on all machines. For more information, see Manage Certificates.
By default, File Inspection is enabled.
- Navigate to Policies > Management > Web Policy and click Add or expand an existing ruleset.
- Under Ruleset Settings, for File Analysis, click Edit.
- Enable File Inspection and click Save.
- For HTTPS Inspection, click Edit and select Enable HTTPS Inspection.
Note: Although not required, we recommend enabling HTTPS Inspection.
- From the pull-down menu, optionally select a preconfigured Selective Decryption List.
This preconfigured Selective Decryption List contains content categories and domains to be exempted from HTTPS inspection for the ruleset.