Creating File Inspection Profiles
Use the Sky ATP File Inspection Profiles page to create profiles to define which files to send to the cloud for inspection.
Before you Begin
Read the File Inspection Profiles Overview topic.
Read the File Scanning Limits topic.
Note that if you are using the free version of Sky ATP, only executable files are scanned.
To configure file inspection profiles:
- Select Configure>Threat Prevention> Feed Sources.
The Feed Sources page appears.
- Under the Sky ATP tab, select a Sky ATP realm, right-click
or from the More list, select File Inspection Profiles.
The Sky ATP File Inspection Profiles page appears showing the existing file inspection profiles.
- Click the + sign to create new profiles.
The Create Profile page appears.
- Enter a name for the profile. (You can create multiple profiles for file inspection.)
- In the File Categories section, select the file categories
and the following actions from the list for each file category:
Do not scan—The file category will not be scanned.
Scan file up to max size—The maximum files size (up to 32MB) to scan. If a file falls outside of the maximum file size limit, the file is automatically downloaded to the client system.
Hash lookup only—Hash lookups are not recommended because, they are compared with the files that are already evaluated before.
See Table 1 for the list of file types for each category.
- Click OK.
Table 1: File Category Contents
All document types except PDFs
Java applications, archives, and libraries
Dynamic and static libraries and kernel modules
OS-specific update applications
PDF, e-mail, and MBOX files
Installable Internet Applications such as Adobe Flash, JavaFX, Microsoft Silverlight
Once the profile is created, use the set services advanced-anti-malware policy CLI command to associate it with the Sky ATP profile. For more details, see set services advanced-anti-malware policy.