Enable static malware analysis of large files

Before you begin

To set up ETP Proxy, you must create and distribute a certificate to devices and TLS clients in your network. For more information, see ETP Proxy as a TLS intermediary.

Complete this procedure to scan large files, that is, files that are 5 MB to 2 GB in size, after they are downloaded. These files are scanned while they are in a static or inactive state.
Note: To enable or use this feature, your organization must be licensed for Advanced Sandbox.

How to

  1. In the navigation menu, select Configuration > Policies.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Policies > Policies.
  2. If you are adding a new policy:
    1. On the Policies page, click the plus sign icon.
    2. Enter a name and description for the policy in the Name and Description fields.
    3. To configure a policy with settings from a predefined template, select one of these templates and click Continue:
      • Strict. Contains settings that block known and most suspected threat categories. Select this template to apply settings that are a best practice for a policy.
      • Monitor-only. Logs and reports threats but does not block them. This template is ideal for testing or assessing policy impact before using the Strict template. This template assigns the monitor policy action to all known and suspected threat categories.
      • Custom. Lets you define policy actions for known and suspected threats.
    4. To assign a location, click the link icon, select a location or multiple locations, and click Associate.
  3. If you are modifying a policy, click the name of the policy that you want to edit or click the edit icon that appears when you hover over the policy.
  4. Click the Settings tab.
  5. In the Proxy Settings area, toggle Enable Proxy to on.
  6. Toggle Enable Inline Payload Analysis to on.
  7. For downloads that range from 5 MB to 2 GB in size (large files), select Allow and Scan to enable static malware analysis. For more information, see Static malware analysis of large files.
  8. In the Threat tab, select policy actions for threat categories. For more information on policy actions, see Policy actions for lists and threat categories.
  9. To assign a list to a policy, see Add a list to a policy.
  10. In the Acceptable Use Policy tab, select the block action to block websites in any of these categories or subcategories. To allow websites or content in these categories or subcategories, make sure the block action is not selected.
  11. Click Save.

Next steps

Deploy the policy to the ETP network. For instructions, see Deploy configuration changes.