Contents

Configure File Exceptions

When you enable security services that scan content, the Firebox examines traffic and looks for suspicious files that contain threats such as viruses and malware.

In some cases, you might not want the Firebox to scan specific files. For example, if the Firebox incorrectly identifies a PDF document as a threat based on your security service settings, you might want to bypass future scans of the file and allow your users to download or open it.

You can use the File Exceptions list to specify files that you do not want to scan with these security services:

  • APT Blocker
  • Data Loss Prevention
  • Gateway AntiVirus
  • IntelligentAV

When the Firebox examines a file, it checks the MD5 hash of the file against the Files Exceptions list. If the file matches an entry in the list, the Firebox skips the relevant scans and either allows or drops the file, based on the selected action.

File Exception Actions

For each file exception, you can select one of these actions:

Allow

Allows the file to be downloaded or the email attachment to be delivered to the recipient.

Use this action for files that you always want to allow. For example, you could allow a file that triggers a false positive when scanned by IntelligentAV.

Drop

Denies the transaction (HTTP), drops the connection (FTP), or removes the attachment from the email before it is delivered to the recipient (SMTP/POP3/IMAP).

Use this action for files that you always want to reject. For example, you could immediately drop files that are known to contain malware.

For a file that matches a file exception, the Firebox performs the selected action immediately and does not scan the file with the relevant security services.

Find MD5 Hash Values

Files in the File Exceptions list are identified by an MD5 hash. An MD5 hash is a 32-character string that uniquely identifies a specific version of a specific file. Every time a file changes, its hash value also changes.

Some Gateway AntiVirus and APT Blocker log messages contain the hash value of the file that triggered the log event.

If you do not know the MD5 hash of a file that you want to add to the File Exceptions list, you can use a utility on your operating system to find it.

Add File Exceptions

Add file exceptions for any files that you do not want to scan with APT Blocker, Data Loss Prevention, Gateway AntiVirus, and IntelligentAV security services. You can add up to 1024 files to the File Exceptions list.

In Fireware 12.2.x, to go to the File Exceptions page, select Subscription Services > File Exceptions.

Update or Remove File Exceptions

You can update or remove files from the File Exceptions list. If you remove a file from the list, the next time the Firebox examines the file it will scan it with the relevant security services.

See Also

About APT Blocker

About Data Loss Prevention

About Gateway AntiVirus

About IntelligentAV

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search