Risky domains and file sharing domains

When ETP Proxy is enabled in the policy, options for risky and file sharing domains appear.

  • Risky Domains: Domains that are newly registered, discovered, or potentially malicious.
  • File Sharing: Domains of file sharing applications and services. Specific file sharing services and applications are associated with this option. For more information see Scan file sharing downloads for malware.

You can select one of these actions:

  • Allow. Traffic is directed to its destination unless ETP Client is deployed on the user's machine. If ETP Client is set up for the full web proxy, traffic is directed to the proxy. This action is useful to organizations that want to forward some user traffic to ETP Proxy while still allowing other users to access content directly. For example, you may want to allow users who are not set up with the client to access files in a file sharing service.
  • Classify. ETP proxy scans requests, responses, threat URLs, and performs payload analysis on the downloaded files based on the policy settings. When a threat is detected, the threat is assigned the category and the policy action of the corresponding threat category. For example, if a phishing threat is detected, the threat is assigned the policy action of known phishing threats.
  • Bypass. Domains bypass ETP Proxy and are directed to their destination.

To further analyze requests to risky domains or scan downloaded files in a file sharing application, inline payload analysis is required. Inline payload analysis is available to organizations that are licensed for ETP Advanced Threat. For more information, see Payload analysis.