File Security Actions
File Security Profile Actions
When creating File Rules within a File Security Profile (FSP), Actions must be applied to each File Matcher rule. File Matcher rules are processed in the order of rule priority as indicated by their numerical order in the File Rules column.
The following Actions can be applied to each File Matcher in an FSP:
| Action | Description |
|---|---|
| Allow | Allows the file to pass, logging the event and file information |
| Block | Blocks the file from passing, logging the event and file information |
| Fast Scan | This applies static analysis and hash-based malware scanning engines to files to look for matches to known malware. Fast Scan can be customized by adding specific file types and built-in scanning Dictionaries when the File Matcher is created/edited.This method of malware scanning has the least impact on the end user's experience. Files with malware detected are blocked and logged. |
| Deep Scan | This directs the matched file to the Atmos Sandbox engine, where the file is dynamically analyzed to detect deeply embedded malware that requires executing or opening the file to trigger an attack. The Atmos Sandbox engine enables dynamic analysis of files to detect deeply embedded malware that activates upon execution or opening. If malware is detected, the file is blocked and logged for further review. |
Reviewing Scan Results Using the Exploration Screen and Filters
Use the following steps to review Static and Dynamic scan results from the Exploration screen utilizing Filters.
Note
- The following example screenshots show scans where files were blocked via File Rules set up in a FSP as shown in the FSP screenshot below.
- Navigate to Insights > Exploration.
- Click the Filters dropdown and select Scan Engine, then select Static Scan, Dynamic Scan, and No Scan.
- Scroll up in the Filters dropdown and select Status, then select Success, Error, and Blocked.
- In the Filters dropdown, select Status Reason, then scroll through the options and select the status reason events that you want to review on the Exploration screen; for example, Malicious File Block and File Scan error. Click the Apply button.
- The list of events is filtered to display files that were scanned so you can easily find blocked files/events.
- Hover your cursor over the File Name of a blocked file to display a tool tip containing event details (see below).
- This example shows a Static Scan that has blocked a .zip file download:
- This example shows a Dynamic Scan that has blocked a .txt file download:
Editing/Deleting File Security Profile Actions
Note
- Note: The File Security Action is originally set when a new FSP is created – see Create a File Security Profile.
To edit an existing FSP File Matcher Action complete the following steps:
- Navigate to Policy > File Security.
- Select an FSP from the list of existing Profiles and click the Edit button.
- Locate the File Rule that you want to modify and select a new action from the Action dropdown menu, then click Submit. (To Delete an Action click the
icon, then click Submit.)
- Click Apply Changes
Updated about 1 month ago