Enable anti-malware on the Secure SD-WAN Engine

To use anti-malware, you must enable the anti-malware feature in the Engine Editor.

The anti-malware settings in the Engine Editor allow you to set a schedule for downloading updates to the anti-malware database and change the settings for logging the malware found in network traffic.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Right-click an Secure SD-WAN Engine, then select Edit <element type>.
  3. In the navigation pane on the left, browse to Add-Ons > Anti-Malware.
  4. Select Enable.
  5. Select the log level from the Malware Log Level drop-down list.
    • The log levels are the same as used in Access rules.
    • If you selected Alert in the Malware Log Level drop-down list, select the Alert element from the list.
  6. In the Malware Signature Update Settings section, select how often the engine checks for updates to the anti-malware database.
    Note: The engine queries DNS servers to resolve the anti-malware database URLs. Define at least one DNS IP address on the General branch of the Engine Editor.
  7. Enter the URL of the anti-malware database mirror in the Mirror(s) field.
    The engines contact the mirror to update the anti-malware database. Separate multiple addresses with commas.
  8. Continue the configuration in one of the following ways:
    • If you have not yet defined when to use anti-malware inspection, edit the rules in the File Filtering Policy.
    • Otherwise, click Save and Refresh to transfer the changes.

Engine Editor > Add-Ons > Anti-Malware

Use this branch to enable and change settings for anti-malware checks on the Secure SD-WAN Engine.

Option Definition
Enable Enables anti-malware checks.
Malware Log Level The log level for anti-malware events.
  • None — Does not create any log entry.
  • Transient — Creates a log entry that is displayed in the Current Events mode in the Logs view, but is not stored.
  • Stored — Creates a log entry that is stored on the Log Server.
  • Essential — Creates a log entry that is shown in the Logs view and saved for further use.
  • Alert — Triggers the alert you select.
Alert When the Log Level is set to Alert, specifies the Alert that is sent.
Option Definition
Malware Signature Update Settings section
Update Frequency Defines how often the Secure SD-WAN Engine checks for updates to the anti-malware database.
  • Never — The Secure SD-WAN Engine does not check for updates. You must update the anti-malware database manually.
  • When Anti-Malware Daemon Starts — Checks when the anti-malware daemon starts. The daemon starts, for example, when the anti-malware feature is enabled or when the Secure SD-WAN Engine restarts.
  • Every Hour — Checks for updates once an hour.
  • Daily — Checks for updates once a day. Set the time of day.
  • Weekly — Checks for updates once a week. Set the day and time of day.
Option Definition
Malware Signature Mirror Settings section
Mirror(s) Enter the URL of the anti-malware database mirror that the Secure SD-WAN Engine contacts to update the anti-malware database. Separate multiple addresses with commas.
Use HTTP Proxy

(Optional)

Specifies that the Secure SD-WAN Engine uses an HTTP proxy to connect to the anti-malware database mirrors.
Host The IP address or DNS name of the HTTP proxy.
Port The listening port of the HTTP proxy.
Username The user name for authenticating to the HTTP proxy.
Password The password for authenticating to the HTTP proxy. By default, passwords and keys are not shown in plain text. To show the password or key, deselect the Hide option.