After setting up Umbrella, we recommend that you check your configured Umbrella Web policy. You can evaluate a Web policy with File Inspection enabled by pointing your browser to one of our test files.

Note: To only evaluate a Web policy, you must disable all Umbrella DNS security categories for your identities.

Prerequisites

• A device enrolled in an Umbrella policy with File Inspection enabled.

Procedure

1. Browse to one of the Umbrella EICAR test files.

2. After loading a File Inspection test file, you should see a block page. Diagnostic information includes details about which server the file went through. If you do not see a block page, see Troubleshoot File Inspection.

Block Page Diagnostic Information

The Umbrella block page diagnostic information identifies the hostname of the reputation authority. When proxying a domain or URL, Umbrella evaluates the destination in two phases.

1. Umbrella receives a request and checks the reputation of the domain or URL. If the destination is known to be malicious, Umbrella blocks the request and displays a block page. The block page diagnostic information lists the Server as nginx.
2. Next, Umbrella checks if a destination matches a security category or is blocked by a rule in the Web policy. If a destination is not blocked, then Umbrella retrieves any requested content from the URL. Umbrella scans the requested files by file inspection (antivirus and AMP). If a file is malware, Umbrella returns a block page. The block page diagnostic information lists the Server as mps.

Enable Threat Grid Malware Analysis < Test File Inspection > Troubleshoot File Inspection