How to exempt destinations from Malware scanning in UPE setup.


Article ID: 220711




Web Security Service - WSS


How do we bypass destinations from malware scanning when the WSS policy is managed from the Management Center?

Certain websites are not loading due to malware scanning and need to be bypassed from the scanning.


There are two ways to bypass destinations from malware scanning in the Management Center (MC) VPM:

  1. From the VPM Web Content Layer where the default scanning policy is defined.
  2. From a CPL Layer using CPL policy.

To bypass destinations from the same Web Content Layer where you have defined the default scanning rule, follow the steps below:

  1. Add a new rule and place it above the default scanning rule.
  2. Set the Destination as a “Combined Destination Object” and add all the destinations that you would like to bypass from the scanning.
  3. Set the Action as None and select the appropriate Enforcement Domain (WSS or Universal).
  4. Install the policy and push the policy to WSS.

To bypass destinations using CPL policy, follow the steps below:

  1. Add the following CPL policy into an existing or new CPL Layer.
  2. Make sure the CPL Layer is placed after the Web Content Layer with the default scanning policy.
  3. Save the policy and push the policy to WSS.

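```
#if enforcement=wss
; response.icap_service() is evaluated in <Cache> layers
<Cache>
    condition="Scanning Exemption" response.icap_service(no)
#endif

define condition "Scanning Exemption"
    ; list the destinations to exempt from scanning here, one per line
end condition "Scanning Exemption"
```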
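One way to fill the "Scanning Exemption" condition from a reviewed list of destinations, as an added Python example that is not part of the original article. The helper names and sample destinations are constructed, and `url.domain=` is an assumed choice of match condition because the article does not show the condition's contents; `url.domain=` also covers subdomains of each entry, so keep entries as specific as the affected site allows.

```python
import re

# Constructed sample requests for exemption (not taken from the article).
SAMPLE_REQUESTS = [
    "https://updates.example.com/agent/",
    "Partner-Portal.example.net",
    "*.example.org",
    "com",
    "updates.example.com",
]

# One DNS label: letters, digits and hyphens, not starting or ending with "-".
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalise(entry):
    """Reduce a URL or hostname to a lowercase hostname, or None if unusable."""
    host = entry.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)        # drop the scheme
    host = re.split(r"[/:?#]", host, maxsplit=1)[0].rstrip(".")  # drop port/path
    labels = host.split(".")
    # Reject wildcards and single-label names such as "com": they would exempt
    # far more traffic from malware scanning than the one requested site.
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return host


def build_condition(entries, name="Scanning Exemption"):
    """Return (cpl_text, rejected_entries) for the named CPL condition."""
    accepted, rejected = [], []
    for entry in entries:
        host = normalise(entry)
        if host is None:
            rejected.append(entry)
        elif host not in accepted:          # de-duplicate, keep request order
            accepted.append(host)
    lines = [f'define condition "{name}"']
    lines += [f"    url.domain={host}" for host in accepted]
    lines.append(f'end condition "{name}"')
    return "\n".join(lines), rejected


if __name__ == "__main__":
    cpl, rejected = build_condition(SAMPLE_REQUESTS)
    print(cpl)
    print("; rejected, needs review:", rejected)
```

The generated block replaces the `define condition` ... `end condition` section of the CPL above; rejected entries are returned separately so they can be reviewed rather than silently dropped.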