Exempt Files From Error Handling for password-protected archives
Article ID: 171415
Updated On:
Products
Cloud Secure Web Gateway - Cloud SWG
Issue/Introduction
Some files are rejected by ICAP error detection based on their type. For example, malware scanning routinely rejects password-protected archives. The Cloud SWG (formerly known as WSS) allows you to exempt specific file types from ICAP error handling and allow them to continue to the client.
Resolution
When Cloud SWG policy is managed from the portal:
- Go to https://portal.threatpulse.com and log in using your credentials.
- Select Policy > Content & Malware Analysis.
- Expand the Scanning Error Handling Section click Add Scanning Error Exemption. The portal displays the Exemption Rule dialog.
- (Optional) Select the Source click Add; click Next.
- (Optional) Select the Destinations and click Add; click Next.
- Select the file type for the rule by selecting "+ Add Error Type" (currently only Add Password Protected Archives) and click Save.
- Click Add Rule
- At the top right side of the page Click Activate Policy button in order to apply the Threat Protection Policy.
When Cloud SWG policy is managed from Management Center (UPE):
- In Management Center select Configuration > Policy
- Edit the policy that contains your ICAP scanning policy object and launch the Web VPM
- Change the ICAP scanning policy object fail behavior to Fail Open:
- Click the scanning policy to edit it
- Change the ICAP Failure Mode to Fail Open
- Copy the following CPL and paste it into the CPL layer that contains your malware rules. If you do not have existing malware rules in CPL, create a CPL layer:
- #if enforcement=wss
<proxy>
response.icap.error_code=password_protected Allow
request.icap.error_code=password_protected Allow
response.icap.error_code=any Deny
#endif
- #if enforcement=wss
- Click Save Policy
- Provide a save description and click Save
- Install the policy to the Target
Feedback
Yes
No
Powered by
