While inline payload analysis allows ETP Proxy to scan files or website content that’s up to 5 MB in size, ETP Proxy cannot scan files that exceed 5 MB inline or before it's downloaded to the user’s browser. In ETP, you define how larger files are handled. You can allow or block the download of these larger files. If these files range from 5 MB to 2 GB in size, you can configure ETP Proxy to scan these files out of band or after they are downloaded to the browser.

Static malware analysis of large files scans files offline or after they are downloaded by the end user. Static malware analysis scans the code without running or executing it. This feature is enabled when you select the Allow and Scan action for large files. These files are scanned with the same static analysis engines as small files. If you want to analyze content when it’s executed in a secure, sandbox environment with dynamic scanners, see Dynamic malware analysis.

Files are scanned within a four hour period after download. If ETP Proxy detects malware, a threat event is reported in ETP. As part of the reported threat event, you can also download a deep scan report that includes more detailed information about the threat and what the scan detected.