About the Malware Protection Policy
Zscaler recommends that you do not change the default policy.
The Zscaler service uses an industry-leading AV vendor for signature-based detection and protection so it can provide comprehensive anti-virus protection. In addition to anti-virus and anti-spyware blocking, the service uses “malware feeds” from its trusted partners; such as Microsoft and Adobe; as well as its own technologies to detect and block malware.
The Malware policy applies globally, to all an organization's locations. Zscaler recommends that you do not change the default policy.
For information on the order in which the service enforces all policies, including this policy, see How does the Zscaler service enforce policies?
Viewing the Malware Protection Policy
To view the malware protection policy:
- Go to Policy > Web > Malware Protection.
- Zscaler recommends that you do not change the default settings of the Malware Protection policy, to ensure the security of your user traffic.
The recommended Malware Protection policy, shown below, specifies the following:
- Inspect inbound and outbound traffic
The Zscaler service scans HTTP (and HTTPS traffic if SSL inspection is enabled) in real time. It scans every byte of every file even if it is compressed (up to five layers of recursive compression). It scans traffic, coming in to your network as well as traffic from inside your network addressed to external destinations, for malicious content.
- Block against all of the following threats:
- Viruses: Programs that cause damage to systems and data.
- Unwanted Applications: Unwanted files that are also downloaded when users download a program they want.
- Trojans: Malware programs that are presented as beneficial or useful.
- Worms: Programs that duplicate themselves to spread malicious code to other computers.
- Adware: Files that automatically render advertisements/install adware.
- Spyware: Files that covertly gather information about a person or organization.
Configuring Security Exceptions for Malware Protection
- Go to the Security Exceptions tab:
- Password-Protected Archive Files, specifically, ZIP and RAR files, are allowed by default. Click Block to stop users from uploading or downloading these files.
- Unscannable Files are allowed by default. The service may not be able to scan some files due to unrecognized file format, excessive size, or recursively compressed. It allows users to upload and download these files. If you block users from downloading or uploading unscannable files, the service presents a notification in the user's browser specifically stating that the password-protected or unknown file could not be scanned by the AV application and that the entire transaction failed.
- Under Do Not Scan Content from these URLs, list the URLs you don't want the service to scan. These URLs will be whitelisted for Malware Protection.
Note that this applies to other web security policies as well, including Advanced Threats Protection and Sandbox. See How do I whitelist URLs?
- Click Save and activate the change.