Adding a Threat Protection Rule

Configure URL and file scanning settings to form a threat protection rule.

  1. On the Threat Protection tab, click Add.

    The Threat Protection Rule settings screen appears.

  2. Specify a unique name and a description for the rule.
  3. On the Web Reputation tab, configure the following settings.

    Setting

    Description

    Enable Web Reputation

    Click the toggle to determine whether to leverage Trend Micro Web Reputation Services to verify the credibility of websites.

    Security level

    • Select the security level for the Internet Access Gateway to block users from accessing URLs.

      Each security level comes with a description to help you make an informed decision.

    • Select whether to block websites that have not been tested by Web Reputation Services.

      Note:

      Enabling this feature may produce false positives.

  4. On the File Scanning tab, configure the following settings.

    The Internet Access Gateway does not scan files that meet the specified criteria and allows users to access these files.

    Setting

    Description

    Do not scan specified file types

    Select one of the configured file profiles from the drop-down list.

    The Internet Access Gateway does not scan the files that match the selected file profile.

    Do not scan files larger than

    Specify the size limit for file scanning.

    The Internet Access Gateway does not scan files that exceed the size limit.

    The file size limit cannot be greater than 2 GB.

    Do not scan files whose compression layers exceed

    Specify the maximum number of compression layers for file scanning.

    The Internet Access Gateway does not scan files that have more compression layers than the limit.

    The range is from 1 through 20, and the default value is 10.

    Allow unscannable files

    Select the check box to allow users to access unscannable files.

    A file may be unscannable because it is compressed with an unsupported file format, it is password protected, or it is corrupted.

  5. On the Advanced Scanning tab, configure the following settings.

    Setting

    Description

    Action to take upon detection of botnets

    Select whether to block or monitor web traffic when botnet activity is detected.

    • Block: The Internet Access Gateway blocks the web traffic.

    • Monitor: The Internet Access Gateway allows the web traffic but logs it for botnet activity monitoring and analysis.

    Enable Predictive Machine Learning

    Click the check box to enable scanning for emerging unknown security risks in files.

    When enabled, the Internet Access Gateway sends suspicious file features to the cloud-based Predictive Machine Learning engine that uses advanced analytics to detect unknown threats, and blocks access to the files if any unknown threat is detected.

    Action to take upon detection of suspicious objects

    Select whether to block or monitor suspicious objects per suspicious object type, or apply the action configured for each specific suspicious object in the Suspicious Object Management app.

    Internet Access retrieves the Suspicious Object List from the Suspicious Object Management app to identify suspicious IP addresses, URLs, domains, and files in your users' internet traffic.

  6. Click Save.
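
The following is an added example, not Trend Micro code: a Python model of the File Scanning exclusions in step 4, for checking which sample files a proposed rule would let through unscanned before you save it. The class and function names, the order of the checks, ZIP as the only archive format, and blocking when "Allow unscannable files" is cleared are assumptions of this example.

```python
import io
import zipfile
from dataclasses import dataclass

TWO_GB = 2 * 1024**3  # page: the size limit cannot be greater than 2 GB

@dataclass
class FileScanRule:  # hypothetical model of the File Scanning tab, not a product API
    max_size_bytes: int = TWO_GB
    max_layers: int = 10  # page: range 1 through 20, default 10
    allow_unscannable: bool = False

    def errors(self):
        found = []
        if not 0 < self.max_size_bytes <= TWO_GB:
            found.append("size limit must be above 0 and at most 2 GB")
        if not 1 <= self.max_layers <= 20:
            found.append("compression layers must be from 1 through 20")
        return found

def zip_layers(data, budget):
    """Count nested ZIP layers, giving up once the count exceeds budget."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return 0
    if budget <= 0:
        return 1  # already past the limit, do not unpack further
    deepest = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # encrypted member
                raise RuntimeError("password-protected member")
            deepest = max(deepest, zip_layers(zf.read(info), budget - 1))
    return 1 + deepest

def decide(rule, data):
    """Return 'scan', 'allow-unscanned' or 'block' (labels are this example's own)."""
    if len(data) > rule.max_size_bytes:
        return "allow-unscanned"
    try:
        layers = zip_layers(data, rule.max_layers)
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
        # Assumption: clearing "Allow unscannable files" blocks these files.
        return "allow-unscanned" if rule.allow_unscannable else "block"
    return "allow-unscanned" if layers > rule.max_layers else "scan"

def nested_zip(payload, depth):
    """Constructed sample: wrap payload in `depth` ZIP layers."""
    for _ in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("inner.bin", payload)
        payload = buf.getvalue()
    return payload
```

Every "allow-unscanned" result is content that reaches the user without a file scan, so a lower size limit or layer limit widens that set.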