Enable dynamic malware analysis

Before you begin

To set up ETP Proxy, you must create and distribute a certificate to devices and TLS clients in your network. For more information, see ETP Proxy as a TLS intermediary.

Complete this procedure to enable dynamic malware analysis. Dynamic malware analysis allows you to scan files that are up to 64 MB in size in a secure sandbox environment.

To enable this feature, your organization must be licensed for the Advanced Sandbox module. For more information, contact your Akamai representative.

How to

  1. In the navigation menu, select Configuration > Policies.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Policies > Policies.
  2. If you are adding a new policy:
    1. On the Policies page, click the plus sign icon.
    2. Enter a name and description for the policy in the Name and Description fields.
    3. To configure a policy with settings from a predefined template, select one of these templates and click Continue:
      • Strict. Contains settings that block known and most suspected threat categories. Select this template to apply settings that are a best practice for a policy.
      • Monitor-only. Logs and reports threats but does not block them. This template is ideal for testing or assessing policy impact before using the Strict template. This template assigns the monitor policy action to all known and suspected threat categories.
      • Custom. Lets you define policy actions for known and suspected threats.
    4. To assign a location, click the link icon, select a location or multiple locations, and click Associate.
  3. If you are modifying a policy, click the name of the policy that you want to edit or click the edit icon that appears when you hover over the policy.
  4. Click the Settings tab.
  5. In the Proxy Settings area, toggle Enable Proxy to on.
  6. If you enabled the proxy, toggle Enable Inline Payload Analysis to on. If your organization is licensed for Advanced Sandbox, complete these steps to define how large, risky files are handled:
    1. For downloads that range from 5 MB to 2 GB in size (large files), select the Allow and Scan action.
    2. Toggle Dynamic Analysis to on.
  7. In the Threat tab, select policy actions for threat categories. For more information on policy actions, see Policy actions for lists and threat categories.
  8. To assign a list to a policy, see Add a list to a policy.
  9. In the Acceptable Use Policy tab, select the block action to block websites in any of these categories or subcategories. To allow websites or content in these categories or subcategories, make sure the block action is not selected.
  10. Click Save.

Next steps

Deploy the policy to the ETP network. For instructions, see Deploy configuration changes.