Setting ATP scanning policy

Proxy policy

Setting up ATP scanning in proxy/inline policy for your cloud application, is same as configuring any other data pattern in a policy with minor difference. Malware scanning only applies to files during download or upload.

1. Add a new policy line or modify an existing policy line. Select into the Action column to open up the Action dialog.
2. In the Action dialog, you can then add a new policy line to either upload or download. Under Data Patterns look for and select the appropriate malware data pattern you are using.
   When you select the malware data pattern you have purchased under Data Patterns, you will notice that:

   • Block and Allow are the only available policy actions since Forcepoint ONE SSE will not attempt to open or modify the file.
     
     
     
   • The ActiveSync Mail (subject, Body) and Watermark fields are not supported and grayed out.

API Policy

Setting up ATP scanning in API policy for your cloud application, is same as configuring any other data pattern in an API policy with minor difference.

Once the API has been setup for an application with malware patterns, you will be able to configure policy actions for data at rest via the Cloud Policy Action dialog on the application. Add a new column to the Conditions, set it to Data Pattern equals your malware data pattern.

• Add a new a Conditions and set it to Data Pattern equals to your malware data pattern.
• Quarantine and Allow are the only available policy actions since Forcepoint ONE SSE will not attempt to open or modify the file. Forcepoint ONE SSE will pop up a warning message to suggest setting the action to quarantine.
  
  
  
• Typically when an API scan policy quarantines a file, it moves the file as-is directly to the quarantine folder. For a an ATP policy, the file will be zipped and encrypted with a default password of infected to prevent any other policy scans from attempting to open and analyze the file, thus infecting the system with malware.