How to exempt destinations from Malware scanning in UPE setup.
search cancel

How to exempt destinations from Malware scanning in UPE setup.

book

Article ID: 220711

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

How do we bypass destinations from Malware scanning (CAS) when the WSS policy is managed from the Management Center.

Certain websites are not loading due to malware scanning and need to be bypassed from the scanning.

Resolution

There are two ways to bypass anything from Malware Scanning from the MC VPM.

  1. From the VPM Web Content Layer where the default scanning policy is defined.
  2. From a CPL Layer using CPL policy.

To bypass destinations from the same Web Content Layer where you have defined the default scanning rule, follow the steps below;

  1. Add a new rule and place it above the default scanning rule.
  2. Set the Destination as a “Combined Destination Object” and add all the destination that you would like to bypass from the scanning.
  3. Set the Action as None and select the appropriate Enforcement Domain (WSS or Universal)
  4. Install the policy and push the policy to WSS.

To bypass destinations using CPL policy, follow the steps below;

  1. Add the following CPL policy into an existing or new CPL Layer.
  2. Make sure the CPL Layer is placed after the Web Content Layer with the default scanning policy.
  3. Save the policy and push the policy to WSS.
#if enforcement=wss

<Cache>
condition="Scanning Exemption" response.icap_service(no)
 response.icap_service.secure_connection(auto)

define condition "Scanning Exemption"
url.domain=www.example.com
url.domain=www.another.example
end condition "Scanning Exemption"

#endif