Exempt Files From Error Handling for password-protected archives
search cancel

Exempt Files From Error Handling for password-protected archives

book

Article ID: 171415

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Some files are rejected by ICAP error detection based on their type. For example, malware scanning routinely rejects password-protected archives. The Cloud SWG (formerly known as WSS) allows you to exempt specific file types from ICAP error handling and allow them to continue to the client. 

Resolution

When Cloud SWG policy is managed from the portal:

  1. Go to https://portal.threatpulse.com and log in using your credentials.
  2. Select Policy > Content & Malware Analysis.
  3. Expand the Scanning Error Handling Section click Add Scanning Error Exemption. The portal displays the Exemption Rule dialog.
    1. (Optional) Select the Source click Add; click Next.
    2. (Optional) Select the Destinations and click Add; click Next.
    3. Select the file type for the rule by selecting "+ Add Error Type" (currently only Add Password Protected Archives) and click Save.
  4. Click Add Rule
  5. At the top right side of the page Click Activate Policy button in order to apply the Threat Protection Policy.

 

When Cloud SWG policy is managed from Management Center (UPE):

  1. In Management Center select Configuration > Policy
  2. Edit the policy that contains your ICAP scanning policy object and launch the Web VPM
  3. Change the ICAP scanning policy object fail behavior to Fail Open:
    1. Click the scanning policy to edit it
    2. Change the ICAP Failure Mode to Fail Open
  4. Copy the following CPL and paste it into the CPL layer that contains your malware rules. If you do not have existing malware rules in CPL, create a CPL layer:
    • #if enforcement=wss
      <proxy>
       response.icap.error_code=password_protected Allow
       request.icap.error_code=password_protected Allow
       response.icap.error_code=any Deny
      #endif
  5. Click Save Policy
  6. Provide a save description and click Save
  7. Install the policy to the Target