Adding a threat protection rule

Procedure

1. On the Secure Access Resources screen, click the Threat Protection tab and then click Add.
   The Threat Protection Rule screen appears.
2. Specify a unique name and a description for the rule.
3. On the Web Reputation tab, configure the following settings.

   Setting	Description
   Enable Web Reputation	Click the toggle to determine whether to leverage Trend Micro Web Reputation Services to verify the credibility of websites.
   Security level	Select the security level for the Internet Access Gateway to block users from accessing URLs. Each security level comes with a description to help you make an informed decision. Select whether to block websites that have not been tested by Web Reputation Services. Note Enabling this feature may produce false positives.

4. On the File Scanning tab, configure the following settings.
   The Internet Access Gateway does not scan files that meet the specified criteria and allows users to access these files.

   Setting	Description
   Do not scan specified file types	Select one of the configured file profiles from the drop-down list. The Internet Access Gateway does not scan the files that match the selected file profile.
   Do not scan files larger than	Specify the size limit for file scanning. The Internet Access Gateway does not scan files that exceed the size limit. The file size limit cannot be greater than 2 GB.
   Do not scan files whose compression layers exceed	Specify the maximum number of compression layers for file scanning. The Internet Access Gateway does not scan files that have more compression layers than the limit. The range is from 1 through 20, and the default value is 10.
   Allow unscannable files	Select the check box to allow users to access unscannable files. A file may be unscannable because it is compressed with an unsupported file format, it is password protected, or it is corrupted.

5. On the Advanced Scanning tab, configure the following settings.

   Setting	Description
   Action to take upon detection of botnets	Select whether to block or monitor web traffic when botnet activity is detection. Block: The Internet Access Gateway blocks the web traffic. Monitor: The Internet Access Gateway allows the web traffic but logs it for botnet activity monitoring and analysis.
   Enable Predictive Machine Learning	Select the check box to enable scanning for emerging unknown security risks in files. When enabled, the Internet Access Gateway sends suspicious file features to the cloud-based Predictive Machine Learning engine that uses advanced analytics to detect unknown threats, and blocks access to the files if any unknown threat is detected.
   Action to take upon detection of suspicious objects	Select whether to block or monitor suspicious objects per suspicious object type, or apply the action configured for each specific suspicious object in the Suspicious Object Management app. Internet Access retrieves the Suspicious Object List from the Suspicious Object Management app to identify suspicious IP addresses, URLs, domains, and files in your users' internet traffic.
   Sandbox Analysis	Select whether to allow the Internet Access Cloud Gateway or On-premises Gateway to automatically submit files for analysis in the Sandbox as a Service after Internet Access identifies highly suspicious files or files with certain file types. You need to enable the Sandboxing Service on the Credit Setting page to use Sandbox as a Service. Note that the Internet Access On-premises Gateway submit files first to the Deep Discovery Analyzer appliance if it is configured on that gateway. For more information about the file objects that Internet Access submits, see Supported files for Sandbox Analysis. Important Submitting file objects for sandbox analysis requires credits in the Sandbox Analysis app. Before using this feature, make sure that you understand how credits are used and have allocated credits for the daily reserve in Submission Settings of the Sandbox Analysis app.

6. Click Save.