Advanced file analysis qualified file

A file that qualifies for advanced file analysis:

  • Is not classified as “malicious” in the Forcepoint URL Database.
  • Passes all selected Security Threats: File Analysis analytics.
  • Fits the Forcepoint Security Labs profile for suspicious files.
  • Is a supported file type. Executable files are always supported. See this knowledge base article for a list of supported file types.

Note: Because the file was not detected as malicious, it was not blocked and has been delivered to the requester. Advanced file analysis alerts are the mechanism used to send information about files that analysis finds to be malicious. To receive them, you must enable and configure email or SNMP alerts:

  1. Go to Settings > Alerts > Enable Alerts.
  2. Select Enable email alerts and specify an Administrator email address.
  3. Confirm that your SMTP settings are correct.
  4. Select Enable SNMP alerts and provide information about your SNMP Trap system.
  5. Enable Advanced File Analysis Alerts on the Settings > Alerts > Suspicious Activity Alerts page.
Important:

The Content Gateway web proxy manages traffic sent to Forcepoint Advanced Malware Detection for Web.

Traffic is sent to:
  • *.websense.net
  • *.blackspider.com

The User-Agent is ssbc.

Traffic sent to the cloud-based service must not be subject to man-in-the-middle decryption, and cannot be challenged for authentication by any device in the network.

Filter.config rules are configured, by default, in Content Gateway. If Content Gateway is in a proxy chain or behind a firewall, those devices may have to be configured to meet the requirements described above.
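
One way to check an upstream device against these requirements is to audit its access log for service traffic that was challenged or decrypted. The following is an added example, not Forcepoint code: the key=value log format, the `tls` field, and the sample hostnames are assumptions constructed for illustration, while the domains and User-Agent come from this page.

```python
import shlex

# Destinations and User-Agent as listed on this page.
SERVICE_SUFFIXES = (".websense.net", ".blackspider.com")
SERVICE_UA = "ssbc"

def is_service_host(host):
    """True for subdomains of the service domains (suffix match, not substring)."""
    return host.lower().rstrip(".").endswith(SERVICE_SUFFIXES)

def parse(line):
    """Parse one key=value log line (assumed format; quoted values allowed)."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def audit(lines):
    """Return (host, problem) for service traffic that was challenged or decrypted."""
    findings = []
    for line in lines:
        rec = parse(line)
        host = rec.get("host", "")
        if not is_service_host(host) or rec.get("ua") != SERVICE_UA:
            continue  # not Advanced Malware Detection traffic
        if rec.get("status") == "407":
            findings.append((host, "authentication challenge"))
        if rec.get("tls") == "inspect":
            findings.append((host, "TLS decryption"))
    return findings

# Constructed sample lines from a hypothetical upstream proxy.
SAMPLE_LOG = [
    'host=a1.websense.net status=200 ua="ssbc" tls=tunnel',
    'host=a2.blackspider.com status=407 ua="ssbc" tls=tunnel',
    'host=a3.websense.net status=200 ua="ssbc" tls=inspect',
    'host=notwebsense.net status=407 ua="ssbc" tls=inspect',
    'host=a4.websense.net status=407 ua="Mozilla/5.0" tls=tunnel',
]

if __name__ == "__main__":
    for host, problem in audit(SAMPLE_LOG):
        print(f"{host}: {problem}")
```

Any finding identifies a device in the chain that needs a bypass rule for the listed destinations.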

To verify that Forcepoint Advanced Malware Detection for Web is properly configured, use the Real-time Analysis Test Pages section of the following website:

http://testdatabasewebsense.com/