This article discusses how to create Anti-Malware allowlist rules to bypass the Anti-Malware inspection engines (for Anti-Malware and Next Gen Anti-Malware).
The Cato Anti-Malware engines inspect WAN and Internet traffic to protect the network and block the download of malicious files. The Allowlist lets you define the traffic that bypasses Anti-Malware inspection.
Rules in the allowlist are applied before the rules in the Anti-Malware Protection Policy. Any traffic that matches a rule in the Allowlist policy bypasses scanning by the Anti-Malware engines.
Each Anti-Malware allowlist rule is defined for a specific scope of network traffic. Traffic from the Source is allowlisted only for one of these types of network traffic:
- WAN - WAN traffic between sites and hosts over the Cato Cloud
- Internet - Traffic to and from the Internet
- Any - Any network traffic
The following table explains the items that you can use to define the settings for an Anti-Malware allowlist rule:
| Item | Description |
|---|---|
| Name | Enter a Name for the rule |
| Enabled | The slider is green when the rule is enabled, and gray when the rule is disabled |
| Rule Order | The order and priority of the rule in the rulebase |
| Scope | Traffic that is bypassing Anti-Malware: WAN, Internet, or All |
| Source | Source of the traffic for this rule |
| What | Only bypasses traffic that matches the traffic type, such as an Application, Category, or Domain |
| Action | Bypass - shows that the traffic is bypassed (no other actions are supported) |
You can add a new rule to the Anti-Malware allowlist rulebase and define the settings for the traffic that bypasses Anti-Malware inspection.
To create an Anti-Malware allowlist rule:
- From the navigation menu, click Security > Anti-Malware.
- Select or expand the Allow List section, and click New. The New Allow List panel opens.
- Configure the General settings for the rule.
  - Enter the Name for the rule.
  - Select the Scope of the rule.
- Select one or more items as the Source for the rule.
  The default setting is Any, which matches all traffic.
- In the What section, set the type of traffic for the rule (such as applications, categories or services).
  The default setting is Any, which matches all traffic.
- Click Apply. The Anti-Malware allowlist rule is added to the rulebase.
- Click Save.
Use the Allowlist section in the Anti-Malware screen to manually create, edit, and delete Anti-Malware allowlist rules.
The Anti-Malware allowlist rulebase is in the Anti-Malware screen.
To show the Anti-Malware allowlist rulebase:
- From the navigation menu, click Security > Anti-Malware.
- Select the Allow List tab. The Anti-Malware allowlist rulebase is displayed.
When you are no longer using an Anti-Malware allowlist rule, we recommend that you delete it from the rulebase instead of disabling it. Deleting a rule prevents another admin from enabling it by accident.
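
A review check for the points above, as an added example that is not part of the original article or Cato's tooling: it audits a hand-built list of allowlist rules for rules left at the default Any and for disabled rules that should be deleted. The rule dictionaries and their field names are assumptions modeled on the table in this article, not a Cato export format.

```python
# Hypothetical, hand-made representation of an allowlist rulebase. Field names
# mirror the table in this article; this is not a Cato export format.
RULES = [  # constructed sample data
    {"name": "Backup app over WAN", "enabled": True, "order": 1,
     "scope": "WAN", "source": ["Site-HQ"], "what": ["Backup-App"]},
    {"name": "Temp test", "enabled": True, "order": 2,
     "scope": "Any", "source": ["Any"], "what": ["Any"]},
    {"name": "Old vendor portal", "enabled": False, "order": 3,
     "scope": "Internet", "source": ["Any"], "what": ["vendor.example"]},
    {"name": "Dev downloads", "enabled": True, "order": 4,
     "scope": "Internet", "source": ["Any"], "what": ["Any"]},
]


def is_any(values):
    """True when a Source or What field is left at the default Any."""
    return not values or any(v.lower() == "any" for v in values)


def audit(rules):
    """Return (rule name, finding) pairs for rules that need review."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["order"]):
        if not rule["enabled"]:
            # The article recommends deleting unused rules, not disabling them.
            findings.append((rule["name"], "disabled: delete instead"))
            continue
        src_any, what_any = is_any(rule["source"]), is_any(rule["what"])
        if src_any and what_any:
            scope = rule["scope"]
            broad = scope.lower() in ("any", "all")
            reach = "all traffic" if broad else f"all {scope} traffic"
            findings.append((rule["name"], f"bypasses inspection for {reach}"))
        elif what_any:
            findings.append((rule["name"], "What is Any: narrow the What"))
        elif src_any:
            findings.append((rule["name"], "Source is Any: narrow the Source"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(RULES):
        print(f"{name}: {finding}")
```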