IntelligentAV uses artificial intelligence and machine learning to identify and block known and unknown malware. Because it does not rely on signatures, IntelligentAV can prevent common and unknown (zero-day) threats.
These Firebox models support IntelligentAV:
- Firebox M Series (except M200/M300)
- Firebox Cloud
Firebox Cloud and FireboxV instances must have at least 4 GB of memory to use IntelligentAV.
IntelligentAV operates with all proxies supported by Gateway AntiVirus and can scan these file types:
- Microsoft Office documents (.doc, .docx, .xls, .xlsx, etc.)
- Windows portable executable (PE) files (.exe, .dll, etc.)
- PDF documents (.pdf)
- Mach-O formatted files (Mac executables)
- ELF binaries (Linux executables)
About Gateway AntiVirus and IntelligentAV
When IntelligentAV is enabled, Gateway AntiVirus uses two scan engines that work together to increase the ability of the Firebox to detect and block malware before it can enter your network.
First, Gateway AntiVirus scans files with its anti-malware engine. If Gateway AntiVirus identifies a file as malicious, the Firebox does not send it to IntelligentAV because an issue is already identified. If Gateway AntiVirus does not detect a virus and IntelligentAV is enabled, IntelligentAV scans the file and returns one of these results:
When IntelligentAV identifies a file as malicious, the Firebox takes the action specified by the When a virus is detected Gateway AntiVirus rule in the proxy action. The Firebox also generates a log message with the text virus="malicious".
When IntelligentAV identifies a file as suspicious, the Firebox generates a log message with the text info="suspicious" but does not take a Gateway AntiVirus action. In Fireware 12.3.1 and higher, if the APT Blocker and DLP subscription services are enabled, they scan the suspicious file.
When IntelligentAV does not identify a file as a threat, the Firebox does not take a Gateway AntiVirus action.
IntelligentAV File Exceptions
IntelligentAV does not scan files that are on the File Exceptions list.
For more information, see Configure File Exceptions.
View IntelligentAV Statistics
From Firebox System Manager, you can see statistics on current IntelligentAV activity on the Firebox. For more information, see IntelligentAV Statistics.
From Fireware Web UI, you can see statistics on current IntelligentAV activity on the Dashboard > Subscription Services page. For more information, see Subscription Services Status and Manual Signatures Updates.