- Small. Files that are less than 5 MB in size.
- Large. Files that are 5 MB to 2 GB in size.
- Huge. Files that are more than 2 GB in size.
In a policy, you select the action that’s associated with large and huge file types. By default, with inline payload analysis, small files (files that are less than 5 MB) are always scanned inline or before the file is downloaded.
|Small||Inline Scanning||Scans files or website content before end users see downloaded content. In ETP, this action is available for small files (files that do not exceed 5 MB). For more information, see Inline payload analysis.|
|Large||Block - Error Page||Blocks the end user from downloading the file. When a download is attempted, the end user is presented with a custom error page to indicate that the operation is not allowed.|
|Allow and Scan||Scans large files up to 2 GB with static malware
analysis. This action:
By default, this action is enabled for large files. For more information, see Static malware analysis of large files.
You can also enable dynamic analysis to scan files that are up to 64 MB in size within a sandbox environment, see Dynamic malware analysis
To scan large files, your organization must be licensed for Advanced Sandbox.
|Allow||Allows the end user to download the file. No file scanning occurs.|
|Huge||Block - Error Page||Blocks the end user from downloading the file. When a download is
attempted, the end user is presented with a custom error page.
By default, this action is enabled for huge files.
Note: Some web servers use HTTP streaming without providing file size when the download begins. In this case, ETP starts the download process, but it cancels and blocks the download of a huge file in the middle of the process based on this policy action. No error page is shown in this situation.
|Allow||Allows end users to download the file. No file scanning occurs.|