Policies With Content Inspection Type of Malware Scan
- On the Basic Details page, click the Native Scan Engine toggle.
- (Optional) To specify a time range in which the cloud application will be available, click the Time Window toggle.Then, select these options:
- The days of the week for which you want to apply a time window
- The time range for those days
To add another time window, click the + icon at the right, then select the days and time ranges for that time window.
To add a time range for after office hours, (for example, from 7:00 PM to 8:00 AM), you need to configure two time-window settings: the first for the hours up until midnight; the second for the hours starting at midnight and ending at the desired morning time.
- Set a time range from 7:00 PM until 0:00 (midnight).
-
Click the + sign to add a time range from 0:00 (midnight) until 8:00 am.
- Click Next to select cloud applications and enter context and actions.
Select the Any App option under Enterprise Apps to enforce controls for both managed and unmanaged enterprise apps.
- Select one or more Activities to which the policy should apply.
- Under Context Rules, select a context rule type and a context.
Context Type Options Users Choose All or Selected. For Selected, enter a valid email address for each user. Separate each address with a comma. User Groups User groups are organized into directories. When you select User Group as a context type, the available directories containing the groups are listed in the left column.
Select a directory to view the user groups it contains. The user groups for that directory are displayed.
Select the groups from the list and click the right-arrow icon to move them to the Selected User Groups column and click Save. These are the groups to which the policy will apply.
To search for a directory or group, click the Search icon at the top. To refresh the list, click the Refresh icon at the top.
Folder Select one or more folders to include in the policy context.
Selecting a folder Click the folder name once, then click the right-arrow icon. The folder name is added to the Selected Folders list at the right.
If you selected an empty folder, a message appears. Hover over the folder name at the top of the list, click All Files, and select another folder.
Viewing a list of files in a folder Double-click the folder name.
To restore the folder list, hover over the folder name and click All Files.
Removing a folder from the Selected Folders list Hover over the folder name, click the trash can icon, and deselect the folder name in the Select Folder list at the left.
Searching for a folder by name or folder ID Click the Search icon and enter all or part of the folder name or folder ID. Matching folder names appear in the list.
To restore the folder list, click the Refresh icon. When you are finished selecting folders, click Save to include them in the policy context. Location Check one or more locations, or check Select All. Device Profile Select a context type and a target for each type.
Managed status: Select an option. - Managed
- Unmanaged
Compliance Status: Select one or more options. - Protected
- Disconnected
- Compliant
- Non-Compliant
Depending on what you select, some other options are disabled. For example, if you select Protected, Disconnected is disabled. If you select Disconnected, Protected is disabled. Threat Status: Select one or more options. - Secure
- Low
- Medium
- High
Click the + sign at the right to add additional Device Profile contexts. When you have selected and configured all of the context options for Device Profile, (Managed Status, Compliance Status, and Threat Status), you cannot select additional targets if you add another Device Profile context rule. Device OS From the Match prompt, select an operator: Equal To, Not Equal To, Greater Than, or Less Than.
Then, from the Device OS prompt, select an OS and an OS version. If you selected Equal To or Not Equal To, you can select multiple OS versions or click Select All. If you selected Greater Than or Less Than, you can select only one OS version from each category.
Click Save.
Device OS context policies are currently supported only on OS versions under 11 for both Windows and MacOS.
Browser Types From the Match prompt, select an operator: Equal To, Not Equal To, Greater Than, or Less Than.
Then, from the Browser Types prompt, select a browser type and version. If you selected Equal To or Not Equal To, you can select multiple browser versions or click Select All. If you selected Greater Than or Less Than, you can choose only one browser version from each category.
Click Save.
Source IP Enter a valid IP address range.
(Optional) To enter an additional IP address range, click the + icon and enter the values.
Click Save.
IP Risk Score Select a risk score level: Low & Above, Medium & Above, or High. Sharing Type Select External or Internal. - Click Next to select actions.
- Select either Allow & Log or Deny as the primary session action.
- Select a secondary action (if available for the cloud applications you selected).
-
For email, the Quarantine Copy secondary action makes a copy of any email containing violating content in the subject line, body, or attachments. You can choose the Allow & Log primary action to allow access, while a copy of the message is placed in quarantine for review of the violating content.
The Quarantine Copy action is applied only once per email, even if there are multiple violations in different parts of the content.
-
If you have set up Continuous Authentication or User Coaching, those options will also be available.
- To include additional secondary actions, click the + icont
-
- For notifications, select a notification from the list.
- Click Next and review the summary page.
- Click Confirm to save the policy or Previous to make any modifications.
