Settings - Detection settings

On the Detection settings screen it is possible to set the behavior of each of the detection engines. The detection engines automatically check the contents of each sent package and decide, it it is safe for users to access the package. If not, the package is quarantined. This configuration therefore has a significant effect on the functionality of the application and safety of all packages.

The detection engines are split into the following three categories:

• Internal modules - are integral part of the application and are always available. The following internal modules are at disposal:

  • Content Disarm and Reconstruction (CDR)

  • Data Leak Prevention (DLP)

  • Encrypted content detection

  • MIME types detection

• Antiviruses - Antiviruses must be installed first, before they are available for use. For details how to do so, see Installation manual. For available settings see Antivirus settings.

• Sandboxes - external Sandboxing tools used for advanced threat emulation and detection. Communication with them is done using their API. Correct setup is required before using them. The following Sandboxes are supported:

  • Fortinet FortiSandbox

  • Check Point Sandblast

  • Check Point Sandblast Cloud

For each of the detection engines the following items are shown:

Available

Indicates whether the specific detection engine is available (working). The way to test the availability is specific for each of the detection engines (for local antiviruses it is a test file scan, for sandboxes it is test API call, internal modules are always available). If the engine is not available and is not enabled already, it cannot be enabled, until it becomes available. If some unavailable engine is enabled, the application does try to perform the checks (although they will probably fail).

Enabled

Specifies whether the specific detection engine is being used to check uploaded files.

Mandatory

Determines the behavior when some file check fails. If the engine is not mandatory and the check fails, the check is skipped and the application proceeds with other engine checks. If the check by a mandatory engine fails, it is repeated periodically (the package is not available for download until all mandatory checks are finished, or the maximum time for them expires, see Settings - Configuration - Packages - Expiration).

Action

For each detection engine it is possible to modify its settings, force recheck of its availability and show its state. The information about state are different for each engine.