Policy Overview

Deep Discovery Web Inspector integrates with a variety of powerful Trend Micro security filtering engines and technologies to scan web traffic coming in and out of your organization. Policy-related functionality allows you to control what happens to web traffic going through the Deep Discovery Web Inspector appliance.
Policies
You can create one or more policies to take action on specific network and user and group events reported by Deep Discovery Web Inspector. Policies are compared against incoming traffic in sequence, and the first policy that matches the traffic is applied. This provides flexibility while helping protect your network from advanced persistent threats and emerging unknown threats according to the configured policies.
You can configure risk-level actions for each policy that determine what happens to detections at each risk level. Possible actions are scan, allow, and block.
Control whether scans are performed on iOS and Android mobile device traffic by enabling or disabling scanning bypass for these device types.
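The first-match ordering described above, shown as an added example that is not Trend Micro code: a hypothetical policy model that evaluates traffic against an ordered list and reports policies that can never apply because an earlier, broader policy always matches first. The Policy fields, the risk level names, and the sample policies are constructed assumptions, not the product's schema.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    """Hypothetical model of a policy; not the product's own schema."""
    name: str
    network: str        # source network in CIDR notation
    groups: frozenset   # user groups; empty set means any group
    actions: dict       # risk level -> action (level names are assumed)

    def matches(self, src_ip, group):
        in_net = ip_address(src_ip) in ip_network(self.network)
        return in_net and (not self.groups or group in self.groups)

def evaluate(policies, src_ip, group, risk):
    """Return (policy name, action) for the first policy that matches."""
    for p in policies:
        if p.matches(src_ip, group):
            return p.name, p.actions.get(risk)
    return None, None   # nothing matched; the product default is not modelled

def shadowed(policies):
    """List (later, earlier) pairs where the earlier policy matches every
    request the later one would, so the later policy is never applied."""
    found = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            net_cov = ip_network(later.network).subnet_of(ip_network(earlier.network))
            grp_cov = not earlier.groups or bool(
                later.groups and later.groups <= earlier.groups)
            if net_cov and grp_cov:
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample: the broad policy is listed first, so the stricter
# lab policy below it is unreachable.
POLICIES = [
    Policy("default-office", "10.0.0.0/8", frozenset(),
           {"high": "block", "medium": "block", "low": "allow"}),
    Policy("lab-strict", "10.20.0.0/16", frozenset({"research"}),
           {"high": "block", "medium": "block", "low": "block"}),
]

if __name__ == "__main__":
    print(evaluate(POLICIES, "10.20.5.9", "research", "low"))
    print(shadowed(POLICIES))
    print(evaluate(POLICIES[::-1], "10.20.5.9", "research", "low"))
```

Placing the narrower policy above the broader one removes the shadowing, which is the ordering check worth running after any policy change.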
HTTPS Inspection
You can manage HTTPS Inspection by performing the following:
  • Configure HTTPS decryption rules that define which objects, users and groups, and URL categories Deep Discovery Web Inspector should decrypt for scanning. HTTPS traffic is encrypted, and must be decrypted before Deep Discovery Web Inspector can scan the traffic.
  • Manage digital certificates in the Trusted, Untrusted, and Invalid certificate stores, and manage the exception list.
  • Manage HTTPS tunnels, which allow the tunneling of HTTPS traffic without decryption.
  • Manage fingerprint patterns used by Intelligent Decryption to determine whether traffic should be decrypted or not decrypted based on the fingerprint signature of the browser.
User Defined Settings
You can do the following with user defined settings:
  • Create and customize network and domain objects that you use in policies and HTTPS inspection rules.
  • Configure approved and blocked lists to control which domains, IP addresses, URLs, or files (SHA1) are allowed or blocked without needing to scan them.
  • Manage notifications that are sent to users when a violation occurs while they are requesting network resources.