Payload analysis
- Small. Files that are less than 5 MB in size.
- Large. Files that are 5 MB to 2 GB in size.
- Huge. Files that are more than 2 GB in size.
In a policy, you select the action that’s associated with large and huge file types. By default, with inline payload analysis, small files (files that are less than 5 MB) are always scanned inline or before the file is downloaded.
File Type | Action | Description |
---|---|---|
Small | Inline Scanning | Scans files or website content before end users see downloaded content. In ETP, this action is available for small files (files that do not exceed 5 MB). For more information, see Inline payload analysis. |
Large | Block - Error Page | Blocks the end user from downloading the file. When a download is attempted, the end user is presented with a custom error page to indicate that the operation is not allowed. |
Large | Allow and Scan | Scans large files up to 2 GB with static malware analysis. This action: By default, this action is enabled for large files. For more information, see Static malware analysis of large files. You can also enable dynamic analysis to scan files that are up to 64 MB in size within a sandbox environment; see Dynamic malware analysis. To scan large files, your organization must be licensed for Advanced Sandbox. |
Large | Allow | Allows the end user to download the file. No file scanning occurs. |
Huge | Block - Error Page | Blocks the end user from downloading the file. When a download is attempted, the end user is presented with a custom error page. By default, this action is enabled for huge files. Note: Some web servers use HTTP streaming without providing file size when the download begins. In this case, ETP starts the download process, but it cancels and blocks the download of a huge file in the middle of the process based on this policy action. No error page is shown in this situation. |
Huge | Allow | Allows end users to download the file. No file scanning occurs. |
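
The size thresholds and the streaming note in the table can be modelled as follows. This is an added illustration, not ETP code or configuration: the function names, the action strings and the reading of MB as 2^20 bytes are assumptions, and the streaming part covers only the case where the huge-file action is Block - Error Page.

```python
from typing import Dict, Iterable, Iterator, Optional

MB = 1024 * 1024        # assumption: the page does not say if MB means 10^6 or 2^20 bytes
SMALL_LIMIT = 5 * MB    # small: less than 5 MB
HUGE_LIMIT = 2048 * MB  # huge: more than 2 GB

# Default actions as stated in the table (action strings are hypothetical labels).
DEFAULT_POLICY: Dict[str, str] = {
    "small": "inline_scan", "large": "allow_and_scan", "huge": "block"}


class DownloadCancelled(Exception):
    """Stream cut off after some bytes had already been forwarded."""

    def __init__(self, forwarded: int):
        super().__init__(f"download cancelled after {forwarded} bytes")
        self.forwarded = forwarded


def classify(size: int) -> str:
    """Map a declared size in bytes to the page's three categories."""
    if size < SMALL_LIMIT:
        return "small"
    return "large" if size <= HUGE_LIMIT else "huge"


def decide(content_length: Optional[int],
           policy: Dict[str, str] = DEFAULT_POLICY) -> str:
    """Decision at response-header time; None means no size was declared."""
    if content_length is None:
        return "stream_and_count"  # category is unknown until bytes arrive
    return policy[classify(content_length)]


def enforce_stream(chunks: Iterable[bytes],
                   policy: Dict[str, str] = DEFAULT_POLICY,
                   huge_limit: int = HUGE_LIMIT) -> Iterator[bytes]:
    """Forward chunks while counting bytes; cancel once the total would pass huge_limit."""
    forwarded = 0
    for chunk in chunks:
        if policy["huge"] == "block" and forwarded + len(chunk) > huge_limit:
            # In this model the response has already started, which matches the
            # page's note that no error page is shown in the streaming case.
            raise DownloadCancelled(forwarded)
        forwarded += len(chunk)
        yield chunk
```

In this model the client has already received part of the file when the download is cancelled, so a partial file left on the endpoint after a blocked streaming download is expected behaviour for this policy action.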