Exempt a Destination From Malware Scan

book

Article ID: 171419

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

The Symantec Web Security Service (WSS) is designed to block the types of websites that are a source of viruses, malicious content, and spyware (drive-by bots). The default and unalterable Content Filtering policy prevents access to malicious content websites. Default blocked categories are located in the following sub-groups:

  • Security > Security Concerns: Spam
  • Security > Security Threats: Malicious Outbound Data/Botnets, Malicious Sources/Malnets, Phishing, Proxy Avoidance
  • Legal Liability > Liability Concerns: Child Pornography

No additional configuration is required. The WSS does enable you to designate trusted sources and the destinations that are never scanned for malware.

You can exempt:

  • Specific IP addresses and subnets—Use Case: Your employees routinely access information that is stored on an external server that isn't otherwise connected to the Internet.
  • Domains/URLs—Use Case: Your employees routinely access information from a secure partner site.
  • Categories—Use Case: You have a collection of categories that you want to be scanned only for risky files.
  • Web Applications—Use Case: You feel financial applications, such as E*Trade, do not require malware scanning.

Environment

The following screenshot is an example of an exception page of a website that is categorized as Proxy Avoidance:

Proxy avoidance is blocked in the Permanently Blocked Categories (G3 global rule).

 

 

Resolution

  1. In Solutions Mode, select the Threat Protection > Policy tab > Trusted Destinations

  1. Click on New Button and select Domain/URL

  1. Add the domain/URL. In this case "vpngate.net" and click on Add Domains/URLs

  1.  Click on Save button

 

  1. Click on the Activate button at the top of the page.

  

You can now access the site www.vpngate.net. In this case, we recommend the creation of a new policy in Content Filtering Rules. This policy restricts the access to only certain users, groups or access method for this bypassed URL.

 

Attachments