Configure File Exceptions
When you enable security services that scan content, the Firebox examines traffic and looks for suspicious files that contain threats such as viruses and malware.
In some cases, you might not want the Firebox to scan specific files. For example, if the Firebox incorrectly identifies a PDF document as a threat based on your security service settings, you might want to bypass future scans of the file and allow your users to download or open it.
You can use the File Exceptions list to specify files that you do not want to scan with these security services:
- APT Blocker
- Data Loss Prevention
- Gateway AntiVirus
- IntelligentAV
When the Firebox examines a file, it checks the MD5 hash of the file against the File Exceptions list. If the file matches an entry in the list, the Firebox skips the relevant scans and either allows or drops the file, based on the selected action.
File Exception Actions
For each file exception, you can select one of these actions:
Allow
Allows the file to be downloaded or the email attachment to be delivered to the recipient.
Use this action for files that you always want to allow. For example, you could allow a file that triggers a false positive when scanned by IntelligentAV.
Drop
Denies the transaction (HTTP), drops the connection (FTP), or removes the attachment from the email before it is delivered to the recipient (SMTP/POP3/IMAP).
Use this action for files that you always want to reject. For example, you could immediately drop files that are known to contain malware.
For a file that matches a file exception, the Firebox performs the selected action immediately and does not scan the file with the relevant security services.
Find MD5 Hash Values
Files in the File Exceptions list are identified by an MD5 hash. An MD5 hash is a 32-character string that uniquely identifies a specific version of a specific file. Every time a file changes, its hash value also changes.
Some Gateway AntiVirus and APT Blocker log messages contain the hash value of the file that triggered the log event.
If you do not know the MD5 hash of a file that you want to add to the File Exceptions list, you can use a utility on your operating system to find it.
On Windows, open Windows PowerShell and run a command in this format:
Get-FileHash C:\path\file.exe -Algorithm MD5
On macOS, open a terminal window and run a command in this format:
md5 /path/file.pdf
On Linux, access a terminal and run a command in this format:
md5sum /path/file.iso
Add File Exceptions
Add file exceptions for any files that you do not want to scan with APT Blocker, Data Loss Prevention, Gateway AntiVirus, and IntelligentAV security services. You can add up to 1024 files to the File Exceptions list.
In Fireware 12.2.x, to go to the File Exceptions page, select Subscription Services > File Exceptions.
- Select one of the following:
  - Subscription Services > APT Blocker
  - Subscription Services > Data Loss Prevention
  - Subscription Services > Gateway AV
  - Subscription Services > IntelligentAV
- Click File Exceptions.
  The File Exceptions dialog box appears.
- Click Add.
  The Add File Exception dialog box appears.
- In the File MD5 Hash text box, type the MD5 hash of the file you want to add.
- In the Description text box, type a description of the file. The description can be up to 64 characters.
- From the Action drop-down list, select the action you want to take for this file. The available actions are:
  - Allow — Downloads the file or delivers it to the recipient.
  - Drop — Drops the file or removes it from the email message before it is delivered to the recipient.
- To send a log message for this file exception, select the Log check box.
- Click OK.
  The exception is added to the File Exceptions list.
- Click Save.
- Select one of the following:
  - Subscription Services > APT Blocker
  - Subscription Services > Data Loss Prevention
  - Subscription Services > Gateway AntiVirus > Configure
  - Subscription Services > IntelligentAV
- Click File Exceptions.
  The File Exceptions dialog box appears.
- Click Add.
  The Add File Exception dialog box appears.
- In the File MD5 Hash text box, type the MD5 hash of the file you want to add.
- In the Description text box, type a description of the file.
- From the Action drop-down list, select the action you want to take for this file. The available actions are:
  - Allow — Downloads the file or delivers it to the recipient.
  - Drop — Drops the file or removes it from the email message before it is delivered to the recipient.
- To send a log message for this file exception, select the Log check box.
- Click OK.
  The exception is added to the File Exceptions list.
- Click Save.
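The limits stated on this page (a 32-character MD5 hash, a description of up to 64 characters, the Allow and Drop actions, and a maximum of 1024 entries) can be checked before you type an entry into the dialog box. The following is an added example, not WatchGuard code; the function names are hypothetical, and the duplicate-hash check is a local review step rather than documented Firebox behavior.

```python
# Added example: local pre-flight checks for File Exceptions entries.
# Limits (32-character MD5, 64-character description, 1024 entries,
# Allow/Drop) come from this page; the function names are hypothetical.
import hashlib
import os
import re
import tempfile

MAX_ENTRIES = 1024
MAX_DESCRIPTION = 64
ACTIONS = {"Allow", "Drop"}
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large downloads do not load into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_entry(md5_hex, description, action, existing_hashes):
    """Return a list of problems; an empty list means the entry is ready."""
    problems = []
    md5_hex = md5_hex.strip()
    if not MD5_RE.fullmatch(md5_hex):
        problems.append("hash is not 32 hexadecimal characters")
    if len(description) > MAX_DESCRIPTION:
        problems.append("description is longer than 64 characters")
    if action not in ACTIONS:
        problems.append("action must be Allow or Drop")
    known = {h.lower() for h in existing_hashes}
    if md5_hex.lower() in known:
        problems.append("hash is already in the list")
    elif len(known) >= MAX_ENTRIES:
        problems.append("list already holds 1024 entries")
    return problems


if __name__ == "__main__":
    # Constructed sample file standing in for a document flagged in error.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".pdf") as sample:
        sample.write(b"%PDF-1.4 constructed sample\n")
    file_hash = md5_of_file(sample.name)
    os.unlink(sample.name)
    print(file_hash, check_entry(file_hash, "False positive: sample PDF", "Allow", []))
```

Hash the exact copy of the file that was flagged, because any change to the file produces a different hash and the exception will no longer match.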
Update or Remove File Exceptions
You can update or remove files from the File Exceptions list. If you remove a file from the list, the next time the Firebox examines the file it will scan it with the relevant security services.
- In the File Exceptions dialog box, select check boxes next to one or more File MD5 Hash values.
- To change the action the Firebox performs for the selected files, from the Quick Action drop-down list, select Allow or Drop.
- To turn log messages on or off for the selected files, from the Select Action drop-down list, select Enable Logging or Clear Logging.
- To remove the selected file exceptions, click Remove. Click Yes.
- Click Save.
- In the File Exceptions dialog box, select one or more files.
To select multiple rows, hold down the CTRL key.
- To change the action the Firebox performs for the selected files, from the Quick Action drop-down list, select Allow or Drop.
- To enable or disable log messages for the selected files, from the Quick Action drop-down list, select Enable Logging or Disable Logging.
- To remove the selected file exceptions, click Remove. Click Yes.
- Click OK.