About IntelligentAV

IntelligentAV adds another layer of protection to the Gateway AntiVirus security service.

IntelligentAV uses artificial intelligence and machine learning to identify and block known and unknown malware. Because it does not rely on signatures, IntelligentAV can prevent common and unknown (zero-day) threats.

These Firebox models support IntelligentAV:

  • Firebox T40, T45, T80, T85
  • Firebox M Series (except M200/M300)
  • Firebox Cloud
  • FireboxV

Firebox Cloud and FireboxV instances must have at least 4 GB of memory to use IntelligentAV.

IntelligentAV operates with all proxies supported by Gateway AntiVirus and can scan these file types:

  • Microsoft Office documents (.doc, .docx, .xls, .xlsx, etc.)
  • Windows portable executable (PE) files (.exe, .dll, etc.)
  • PDF documents (.pdf)
  • Mach-O formatted files (Mac executables)
  • ELF binaries (Linux executables)

About Gateway AntiVirus and IntelligentAV

When IntelligentAV is enabled, Gateway AntiVirus uses two scan engines that work together to increase the ability of the Firebox to detect and block malware before it can enter your network.

First, Gateway AntiVirus scans files with its anti-malware engine. If Gateway AntiVirus identifies a file as malicious, the Firebox does not send it to IntelligentAV because an issue is already identified. If Gateway AntiVirus does not detect a virus and IntelligentAV is enabled, IntelligentAV scans the file and returns one of these results:

Malicious

When IntelligentAV identifies a file as malicious, the Firebox takes the action specified by the When a virus is detected Gateway AntiVirus rule in the proxy action. The Firebox also generates a log message with the text virus="malicious".

Suspicious

When IntelligentAV identifies a file as suspicious, the Firebox generates a log message with the text info="suspicious" but does not take a Gateway AntiVirus action. In Fireware 12.3.1 and higher, if the APT Blocker and DLP subscription services are enabled, they scan the suspicious file.

Clean

When IntelligentAV does not identify a file as a threat, the Firebox does not take a Gateway AntiVirus action.

Activate IntelligentAV

To activate IntelligentAV, you must Get a Firebox Feature Key and Manually Add or Remove a Feature Key.

IntelligentAV File Exceptions

IntelligentAV does not scan files that are on the File Exceptions list.

For more information, see Configure File Exceptions.

View IntelligentAV Statistics

From Firebox System Manager, you can see statistics on current IntelligentAV activity on the Firebox. For more information, see IntelligentAV Statistics.

From Fireware Web UI, you can see statistics on current IntelligentAV activity on the Dashboard > Subscription Services page. For more information, see Subscription Services Status and Manual Signatures Updates.

See Also

Enable IntelligentAV

Enable Gateway AntiVirus

Configure the IntelligentAV Update Server