Configuring file analysis

File analysis inspects files that users attempt to download or open remotely for viruses and other malicious content. File analysis returns a category to Filtering Service for policy enforcement.

There are 4 types of file analysis. They can be used together. Three types of analysis are done by Content Gateway.

Antivirus Scanning uses antivirus definition files to identify virus-infected files.
Rich Internet application scanning examines Flash files for malicious content.
FTP file scanning examines inbound FTP files for malicious content.

You can configure the specific types of files to analyze by clicking File Type Options.

Note: If file analysis is configured to include multimedia files, sometimes when the streaming media is buffered and analyzed, the connection to the server times out. In such cases, the best remedy is to create an exception for that site. See Configuring exceptions to Content Gateway analysis.

Use the Settings > Scanning > Scanning Exceptions page to specify untrusted or trusted sites that are always analyzed or never analyzed (Configuring exceptions to Content Gateway analysis).

Use the Settings > Scanning > Scanning Options page to enable and configure file analysis.

The fourth type of file analysis is Advanced File Analysis, which sends files that fit a profile defined by Forcepoint Security Labs to a configurable destination for activation and observation. If analysis finds a file to be malicious, an email alert is sent to the configured administrator that contains a description of the threat, a link to a detailed report, and a link to an investigative report built from your Log Database.

Advanced file analysis requires a Forcepoint Advanced Malware Detection solution. A full description is included in the step-by-step configuration section, below.