HTTP Scan Policies

HTTP > Advanced Threat Protection > Policies

The Scan Policy list shows all HTTP scanning policies on the system—enabled as well as disabled. Click Add to create a new policy, or click a policy name to edit an existing one.  

• Enable virus scanning—Globally controls the enabled status of all policies; overrides the status of an individual policy. (Click Save after enabling or disabling virus scanning.)

• Enable Web Reputation—Globally controls the enabled status of all policies; overrides the status of an individual policy. (Click Save after enabling or disabling Web Reputation.) Web Reputation is enabled by default.

• Enable Bot Detection—enables the Bot Detection feature.

• Enable Advanced Threat Scan Engine—Checks files for less conventional threats, including document exploits. Some detected files could be safe and should be observed further and analyzed in a virtual environment.

• Add—Opens the Add Policy wizard that takes you through the steps to define a new policy.

• Policy Name—Click a name to edit the settings. Policy names that include references to the users or groups to which they apply (for example, “Virus Policy for Engineers” or “URL Filtering Policy for Researchers”) are easy to remember.
  
  Account fields should support IPv6 addresses. You can define one rule for any IPv6 host, and this policy rule is triggered when the client accesses the HTTP sites through IWSVA.
  
  When selecting available policies, both IPv4 and IPv6 policies will appear. In the Account field, acceptable account entries include a single IPv6 address, an IPv6 range, or an IPv6 mask similar to what has been supported with IPv4.
  
  IWSVA supports the “Scan before delivering” feature with IPv6, and can automatically redirect the progress of IWSVA IPv6 or IPv4 addresses to the client based on the version of the client’s IP address.

• When a client uses an IPv4 address, IWSVA sends a redirect request with IWSVA’s IPv4 address.

• When a client uses an IPv6 address, IWSVA sends a redirect request with IWSVA’s IPv6 address.

• Priority—Sets the order of precedence — if two conflicting policies overlap in their scope, the policy with the higher priority (closer to 1) will be applied and the other ignored. MORE>>

  IWSVA Scan Policy evaluates a given Web request first by finding out which group, if any, the requesting client is a member of, and then by evaluating which policy or policies are in effect for that group.

  If the client is affected by more than one policy, the policy with the highest priority is applied.

• Note 1: The Scan Global Policy is the default policy. It automatically applies to all users, but also always takes the lowest priority. Any policy with a higher priority in the list will take precedence.

• Note 2: The Scan Guest Policy is only enabled once certain conditions have been met, and the guest machine logs on using a special port or enable guest access for user identification. See Guest Policy for details.  

• Deploy Policies—Click this button after creating or modifying a virus scan policy to have it take effect immediately.

See also:

• Virus Scan Rules

• Spyware/Grayware Scan Rules

• HTTP Scanning Action

• Guest Policies

• Proxy Scan Settings

• User Identification