Exempt Files From Error Handling for password-protected archives
book
Article ID: 171415
calendar_today
Updated On:
Products
Cloud Secure Web Gateway - Cloud SWG
Issue/Introduction
Some files are rejected by ICAP error detection based on their type. For example, malware scanning routinely rejects password-protected archives. The Cloud SWG (formerly known as WSS) allows you to exempt specific file types from ICAP error handling and allow them to continue to the client.
Resolution
When Cloud SWG policy is managed from the portal:
Go to https://portal.threatpulse.com and log in using your credentials.
Select Policy > Content & Malware Analysis.
Expand the Scanning Error Handling Section click Add Scanning Error Exemption. The portal displays the Exemption Rule dialog.
(Optional) Select the Source click Add; click Next.
(Optional) Select the Destinations and click Add; click Next.
Select the file type for the rule by selecting "+ Add Error Type" (currently only Add Password Protected Archives) and click Save.
Click Add Rule
At the top right side of the page Click Activate Policy button in order to apply the Threat Protection Policy.
When Cloud SWG policy is managed from Management Center (UPE):
In Management Center select Configuration > Policy
Edit the policy that contains your ICAP scanning policy object and launch the Web VPM
Change the ICAP scanning policy object fail behavior to Fail Open:
Click the scanning policy to edit it
Change the ICAP Failure Mode to Fail Open
Copy the following CPL and paste it into the CPL layer that contains your malware rules. If you do not have existing malware rules in CPL, create a CPL layer: