Selecting traffic for anti-malware scanning
The File Filtering Policy used on the engine policy determines which traffic is inspected for malware.
Activating the scanning always also activates deep packet inspection for the same traffic (the traffic is also checked against the Inspection rules). You can deactivate the anti-malware scanning if the download source is trusted and the download process takes too long. You must define the services individually in the Service cell to enable deep inspection and anti-malware scanning for them.
To not scan for certain destinations, create a more specific IPv4 Access rule before a more general one that does not have the file filtering option defined.
For some content delivered through HTTP or HTTPS, anti-malware scanning might not be feasible. For example, you might want to prevent videoconferencing sessions from being scanned for malware, to avoid any increase in latency.