Fail close & Fail Open Policies
The fail-close & fail-open policies are failure handling mechanisms, available with the AV scanner and the actions taken when the TIE has got no internet access.
Fail Open Policy: Enables scanning to be skipped and uploading to proceed in case of a failure during the scanning process. Relevant for both files and network requests. This also has got relevance, with "File Scanning Timeout (sec.)", specifies the timeout. If scanning takes more than the specified number of seconds, it will fail. In that case, file scanning will be skipped and the file will be uploaded if Fail Open Policy is selected.
Fail Close Policy: This is the opposite of the fail open policy.
While "bypassed" can be used to describe the fail open policy, "blocked" is used to describe the fail close policy.
In case of some failure in scanning the file (e.g. file size is bigger than max file size limit), then file will be blocked/bypassed according to ‘Fail Open Policy’ configuration in upload/download policy. When uploading multiple files via 1 post, each file will be assigned with a verdict. If all file verdicts are allow then all the files will be bypassed. If at least 1 file verdict is block then all files will be blocked. This is a simplified way to understand the concepts of the "Fail Open" and "Fail Close" policies.
For the entire transaction (request, response), there is 1 activity log which logs the transaction verdict in the 'Event properties'. The event logged is the last verdict that happened.
Meaning if request and response are bypassed the verdict logged is the response bypass with it's analyzed content type. The request analyzed content type won't be logged. Only if the request verdict is 'block' then the request analyzed content type will be logged. In case of multipart, if multiple files/data are blocked only 1 of the analyzed content types will be logged.