Test File Inspection

After setting up Umbrella, we recommend that you check your configured Umbrella Web policy. You can evaluate a Web policy with File Inspection enabled by pointing your browser to one of our test files.

Note: To only evaluate a Web policy, you must disable all Umbrella DNS security categories for your identities.


  • A device enrolled in an Umbrella policy with File Inspection enabled.


  1. Browse to one of the Umbrella EICAR test files.
Test FileDescription Umbrella clear text test file. Umbrella encrypted test file. AMP clear text test file. AMP encrypted test file.
  1. After loading a File Inspection test file, you should see a block page. Diagnostic information includes details about which server the file went through. If you do not see a block page, see Troubleshoot File Inspection.

Block Page Diagnostic Information

The Umbrella block page diagnostic information identifies the hostname of the reputation authority. When proxying a domain or URL, Umbrella evaluates the destination in two phases.

  1. Umbrella receives a request and checks the reputation of the domain or URL. If the destination is known to be malicious, Umbrella blocks the request and displays a block page. The block page diagnostic information lists the Server as nginx.
  2. Next, Umbrella checks if a destination matches a security category or is blocked by a rule in the Web policy. If a destination is not blocked, then Umbrella retrieves any requested content from the URL. Umbrella scans the requested files by file inspection (antivirus and AMP). If a file is malware, Umbrella returns a block page. The block page diagnostic information lists the Server as mps.

Enable Threat Grid Malware Analysis < Test File Inspection > Troubleshoot File Inspection