Configuring Web and Services Protection. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance

261 Pages


ProSecure Web/Email Security Threat Management (STM) Appliance

Table 31. Distributed Spam Analysis Settings (Continued)

Setting Description (or Subfield and Description)

Set Public Host/IP Address and Port

The management port of the STM usually has a LAN IP address assigned, preventing users from outside the LAN from accessing the STM to look at their quarantined spam email. Select this check box to enable users from outside the LAN to access their quarantined spam email. Complete the Host/IP fields.

Note:

If you use a firewall, you need to map the public IP address and public port to the LAN IP address of the STM’s management port.

Note:

When you select the Set Public Host/IP Address and Port check box, the spam reports (see User-Generated Spam Reports on page 214) display an External Link column with hyperlinks that are consistent with the IP address and port that you specify in the Host/IP field.

Host/IP Enter the public IP address and public port of the STM.

4. Click Apply to save your settings. The Distributed Spam Analysis section and the Send Quarantine Spam Report section each have their own Apply and Reset buttons to enable you to make changes to these sections separately.

Configuring Web and Services Protection

The STM lets you configure the following settings to protect the network’s Internet communication:

The Web protocols that are scanned for malware threats

Actions that are taken when infected Web files or objects are detected

The maximum file sizes that are scanned

Web objects that are blocked

Web categories, keywords, and file types that are filtered to block objectionable or high-risk content

Domains and URLs that are blocked for objectionable or high-risk content

Customer notifications and email alerts that are sent when events are detected

Schedules that determine when content filtering is active

Customizing Web Protocol Scan Settings

If you have used the Setup Wizard, you might have already configured the Web protocol scan settings; the (Web) Policy screen allows you to modify these settings.

Scanning all protocols enhances network security, but might affect the performance of the STM. For an optimum balance between security and performance, enable scanning only of the most commonly used protocols on your network. For example, you can scan FTP and HTTP, but not HTTPS (if this last protocol is not often used). For more information about performance, see Managing the STM’s Performance on page 82.

Chapter 4. Content Filtering and Optimizing Scans | 105

To specify the Web protocols and ports that are scanned for malware threats:

1. Select Web Security > Policies from the menu. The (Web) Policy screen displays:

Figure 59.

2. Select the check boxes and complete the fields as explained in the following table:

Table 32. Web Policy Settings

Setting Description

Services to Scan

HTTP Select the HTTP check box to enable Hypertext Transfer Protocol (HTTP) scanning. This service is enabled by default and uses default port 80. You can change the standard service port or add another port in the corresponding Ports to Scan field.

HTTPS Select the HTTPS check box to enable Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). This service is disabled by default. The HTTPS default port is 443. You can change the standard service port or add another port in the corresponding Ports to Scan field.

FTP Select the FTP check box to enable File Transfer Protocol (FTP). This service is enabled by default and uses default port 21. You can change the standard service port or add another port in the corresponding Ports to Scan field.

Note:

If a protocol uses a port other than the standard service port (for example, port 80 for HTTP), enter this nonstandard port in the Ports to Scan field. For example, if the HTTP service on your network uses both port 80 and port 8080, enter both port numbers in the Ports to Scan field, and separate them by a comma.

3. Click Apply to save your settings.

Configuring Web Malware Scans

If you have used the Setup Wizard, you might have already configured the Web malware action and exception scan settings; the Malware Scan screen allows you to modify these settings.

Whether or not the STM detects Web-based malware threats, you can configure it to take a variety of actions (some of the default actions are listed in Table 24 on page 85), skip files that are too large, and send notifications, emails, or both to the end users.

To configure the Web-based malware settings:

1. Select Application Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view:

Figure 60.

2. Complete the fields, select the check boxes, and make your selections from the drop-down lists as explained in the following table:

Table 33. Malware Scan Settings

Setting Description

Action

HTTP and HTTPS

Action From the HTTP or HTTPS drop-down list, specify one of the following actions to be taken when an infected Web file or object is detected:

Quarantine file. The file is placed in quarantine, a malware quarantine log entry is created, and depending on the nature of the malware threat, also a virus log entry or a spyware log entry.

Delete file. This is the default setting. The Web file or object is deleted, and depending on the nature of the malware threat, a virus log entry or a spyware log entry is created.

Log only. Depending on the nature of the malware threat, only a virus log entry or a spyware log entry is created. The Web file or object is neither placed in quarantine nor deleted.

Streaming Select the Streaming check box to enable streaming of partially downloaded and scanned HTTP or HTTPS file parts to the end user. This method allows the user to experience more transparent Web downloading. Streaming is enabled by default.

Scan Exceptions

From the drop-down list, specify one of the following actions to be taken when a file or message exceeds the size that you specify in the file size field:

Skip. The file is not scanned but skipped, leaving the end user vulnerable. This is the default setting.

Block. The file is blocked and does not reach the end user.

The default and maximum file sizes are as follows:

• For the STM600 and STM300, the default setting is to block any attachment larger than 10240 KB. The maximum file size that you can specify is 51200 KB.

• For the STM150, the default setting is to block any attachment larger than 8192 KB. The maximum file size that you can specify is 25600 KB.

Note:

Setting the maximum file size to a high value might affect the STM’s performance. NETGEAR recommends the default value, which is sufficient to detect the vast majority of threats.

HTML Scan

Scan HTML Files Select this check box to enable scanning of HyperText Markup Language (HTML) files, which is enabled by default.

Notification Settings

Select the Replace Page with the Following Warning Text check box to enable the STM to replace the content of a Web page that is blocked because of a detected malware threat with the following text:

NETGEAR ProSecure Web/Email Security Threat Management Appliance has detected and stopped malicious code embedded in this web site for protecting your computer and network from infection.

%VIRUSINFO%

Note:

You can customize this text. Make sure that you keep the %VIRUSINFO% metaword in the text to enable the STM to insert the correct malware threat information. In addition to the %VIRUSINFO% metaword, you can insert the following metawords in your customized message: %TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME%.

The text is displayed on the Malware Scan screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.

3. Click Apply to save your settings.

Configuring Web Content Filtering

If you want to restrict internal LAN users from access to certain types of information and objects on the Internet, use the STM’s content filtering and Web objects filtering. With the exception of the Web content categories that are mentioned in Default Email and Web Scan Settings on page 85, all requested traffic from any website is allowed.

You can specify a message such as “Blocked by NETGEAR” that is displayed onscreen if a user attempts to access a blocked site (see the Notification Settings section that is described at the bottom of Table 34 on page 112). Several types of Web content blocking are available:

File extension blocking. You can block files based on their extension. Such files can include executable files, audio and video files, and compressed files.

Web object blocking. You can block the following Web objects: embedded objects (ActiveX, Java, Flash), proxies, and cookies; and you can disable Java scripts. However, websites that are on the whitelist (see Configuring Web URL Filtering on page 116) are never subject to Web object blocking.

Web category blocking. You can block entire Web categories because their content is unwanted, offensive, or not relevant, or simply to reduce traffic.

Note:

You can bypass any type of Web blocking for trusted domains by adding the exact matching domain names to the trusted host list (see Specifying Trusted Hosts on page 124). Access to the domains on the trusted host list is allowed for PCs in the groups for which file extension, object, or category blocking, or a combination of these types of Web blocking has been enabled.

Note:

You can bypass any type of Web blocking for trusted URLs by adding the URLs to the whitelist (see Configuring Web URL Filtering on page 116). Access to the URLs on the whitelist is allowed for PCs in the groups for which file extension, object, or category blocking, or a combination of these types of Web blocking has been enabled.

Note:

For information about creating custom categories that allow you to set access exceptions for combinations of Web categories, see Creating Custom Categories for Web Access Exceptions on page 142.

If you have used the Setup Wizard, you might have already configured the Web category blocking settings; the Content Filtering screen allows you to modify these settings.

To configure Web content filtering:

1. Select Web Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view.

2. Click the Content Filtering submenu tab. The Content Filtering screen displays. Because of the large size of this screen, it is presented in this manual in three figures (the following figure, Figure 62 on page 111, and Figure 63 on page 112).

Figure 61. Content Filtering, screen 1 of 3


Figure 62. Content Filtering, screen 2 of 3


Figure 63. Content Filtering, screen 3 of 3

3. Complete the fields, select the check boxes, and make your selections from the drop-down lists as explained in the following table:

Table 34. Content Filtering Settings

Setting Description

Content Filtering

Log HTTP Traffic Select this check box to log HTTP traffic. For information about how to view the logged traffic, see Querying Logs on page 194. By default, HTTP traffic is not logged.

Note:

Logging HTTP traffic might affect the STM’s performance (see Managing the STM’s Performance on page 82).

Block Files with the Following Extensions

Select the check box to enable file extension blocking. By default, the File Extension field lists the most common file extensions that are detected. You can manually add or delete extensions. Use commas to separate different extensions. You can also use the drop-down list to add predefined file extensions from a specific category to the File Extension field:

None. No file extensions are added to the File Extension field. This is the default setting.

Executables. Executable file extensions (exe, com, dll, so, lib, scr, bat, and cmd) are added to the File Extension field.

Audio/Video. Audio and video file extensions (wav, mp3, avi, rm, rmvb, wma, wmv, mpg, mp4, and aac) are added to the File Extension field.

Compressed Files. Compressed file extensions (zip, rar, gz, tar, and bz2) are added to the File Extension field.

Show This Message When a File was Blocked

The STM replaces the content of a Web page that is blocked because of violating file extensions with the following text, which you can customize:

Internet Policy has restricted access to this location with file extension:

%URL%

Note:

Make sure that you keep the %URL% metaword in the text to enable the STM to show the URL of the blocked page.

As an option, you can select the Insert Link to User Login Portal Page check box. When you select this check box, the screen that displays when a user attempts to access blocked content includes a hyperlink that allows the user to log in as another user:

You are logged in as %USER%

(Click here to login as another user)

Note:

Make sure that you keep the %LOGIN-LINK% metaword in the text to enable the STM to insert the actual hyperlink.

The text is displayed on the Content Filtering screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.

Block Web Objects

Select one or both of the following check boxes:

Remove Embedded Objects All embedded objects such as ActiveX, Java, and Flash objects are removed from downloaded Web pages.

Note:

Because embedded objects are commonly used on legitimate websites, blocking embedded objects globally might have a negative impact on a user’s Web browsing experience.

Disable Javascript Javascript is disabled on downloaded Web pages.


Select the Web Categories You Wish to Block

Select the Enable Blocking check box to enable blocking of Web categories, which is the default setting.

Select the check boxes of any Web categories that you want to block. Use the action buttons at the top of the section in the following way:

Allow All. All Web categories are allowed.

Block All. All Web categories are blocked.

Set to Defaults. Blocking and allowing of Web categories are returned to their default settings. See Table 24 on page 85 for information about the Web categories that are blocked by default. Categories that are preceded by a green rectangle are allowed by default; categories that are preceded by a pink rectangle are blocked by default.

Web Categorization Schedule

Do You Want this Schedule to be Active on All Days or Specific Days?

Select one of the following radio buttons:

All Days. The schedule is in effect all days of the week.

Specific Days. The schedule is active only on specific days.

To the right of the radio buttons, select the check box for each day that you want the schedule to be in effect.

Do You Want this Schedule to be Active All Day or at Specific Times during the Day?

Select one of the following radio buttons:

All Day. The schedule is in effect all hours of the selected day or days.

Specific Times. The schedule is active only on specific hours of the selected day or days.

To the right of the radio buttons, fill in the Start Time and End Time fields (Hour, Minute, AM/PM) during which the schedule is in effect.

Replace the Content of a Blocked Page with the Following Text

The STM replaces the content of a Web page that is blocked because of violating content with the following text, which you can customize:

Internet Policy has restricted access to this location belonging to the following categories:

%FULL-CATEGORY-LIST%

Note:

Make sure that you keep the %FULL-CATEGORY-LIST% metaword in the text to enable the STM to insert the categories that the blocked Web page falls under.


As an option, you can select one or both of the following check boxes:

Allow Users to Submit a "Report a URL Misclassification" Form. When you select this check box, the screen that displays when a user attempts to access blocked content includes a hyperlink to report a URL misclassification. See Click here to Report a URL Misclassification in the Web Category Lookup section later in this table.

Note:

Make sure that you keep the %SUBMIT-URL-CATEGORIZATION% metaword in the text to enable the STM to insert the actual hyperlink.

Insert Link to User Login Portal Page. When you select this check box, the screen that displays when a user attempts to access blocked content includes a hyperlink that allows the user to log in as another user:

You are logged in as %USER%

(Click here to login as another user)

Note:

Make sure that you keep the %LOGIN-LINK% metaword in the text to enable the STM to insert the actual hyperlink.

The text is displayed on the Content Filtering screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.

Web Category Lookup

URL Enter a URL to find out if it has been categorized, and if so, in which category. Then click the Lookup button. If the URL has been categorized, the category appears next to Lookup Results.

Clear Web Category Cache

Click Clear Web Category Cache to enable the STM to synchronize with the NETGEAR server and download the most recent Web categorizations.

Note:

Synchronizing might temporarily slow down the STM’s performance because the STM needs to acquire the Web categorizations remotely instead of from its local cache.

Click here to Report a URL Misclassification

To submit a misclassified or uncategorized URL to NETGEAR for analysis, click the Click here to Report a URL Misclassification link. A screen opens that allows you to select from drop-down lists up to two categories in which you think that the URL could be categorized. Then click the Submit button.

4. Click Apply to save your settings.

Configuring Web URL Filtering

If you want to allow or block internal LAN users from access to certain sites on the Internet, use the STM’s Web URL filtering. You can create or import a whitelist that contains domain names and URLs that are accepted, and a blacklist with domain names and URLs that are blocked. The whitelist takes precedence over the blacklist.

Note:

A URL that you enter on the whitelist or blacklist might contain other embedded URLs such as URLs for advertisements or sponsors, causing unexpected behavior. If you want to allow a URL by placing it on the whitelist, make sure that all embedded URLs are also placed on the whitelist. Similarly, if you want to block a URL by placing it on the blacklist, make sure that all embedded URLs are also placed on the blacklist.

Note:

For information about creating custom categories that allow you to set access exceptions for combinations of URLs, see Creating Custom Categories for Web Access Exceptions on page 142.

To configure Web URL filtering:

1. Select Web Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view.

2. Click the URL Filtering submenu tab. The URL Filtering screen displays:

Figure 64.

3. Select the check boxes and complete the fields as explained in the following table:

Table 35. URL Filtering Settings

Setting Description

Whitelist (takes precedence over Blacklist)

Enable Select this check box to bypass scanning of the URLs that are listed in the URL field. Users are allowed to access the URLs that are listed in the URL field.

URL This field contains the URLs for which scanning is bypassed. To add a URL to this field, use the Add URL field or the Import from File tool (see information later in this table). You can add a maximum of 2000 URLs.

Note:

If a URL is in both the whitelist and blacklist, then the whitelist takes precedence and URLs on the whitelist are not scanned.

Note:

Wildcards (*) are supported. For example, if you enter www.net*.com in the URL field, any URL that begins with www.net and ends with .com is allowed.

Delete To delete one or more URLs, highlight the URLs, and click the Delete table button.

Export To export the URLs, click the Export table button, and follow the instructions of your browser.

Add URL Type or copy a URL in the Add URL field. Then click the Add table button to add the URL to the URL field.

Import from File To import a list with URLs into the URL field, click the Browse button and navigate to a file in .txt format that contains line-delimited URLs (that is, one URL per line). Then click the Upload table button to add the URLs to the URL field.

Note:

Any existing URLs in the URL field are overwritten when you import a list of URLs from a file.

Blacklist

Enable Select this check box to block the URLs that are listed in the URL field. Users attempting to access these URLs receive a notification (see information later in this table).

URL This field contains the URLs that are blocked. To add a URL to this field, use the Add URL field or the Import from File tool (see information later in this table). You can add a maximum of 2000 URLs.

Note:

If a URL is in both the whitelist and blacklist, then the whitelist takes precedence and URLs on the whitelist are not scanned.

Note:

Wildcards (*) are supported. For example, if you enter www.net*.com in the URL field, any URL that begins with www.net and ends with .com is blocked.

Delete To delete one or more URLs, highlight the URLs, and click the Delete table button.

Export To export the URLs, click the Export table button and follow the instructions of your browser.

Add URL Type or copy a URL in the Add URL field. Then click the Add table button to add the URL to the URL field.

Import from File To import a list with URLs into the URL field, click the Browse button and navigate to a file in .txt format that contains line-delimited URLs (that is, one URL per line). Then click the Upload table button to add the URLs to the URL field.

Note:

Any existing URLs in the URL field are overwritten when you import a list of URLs from a file.

Replace the Content of a Blocked Page with the Following Text

When a user attempts to access a blocked URL, the STM replaces the content of the blocked URL with the following text, which you can customize:

Internet Policy has restricted access to this location:

%URL%

Note:

Make sure that you keep the %URL% metaword in the text to enable the STM to insert the category that the blocked Web page falls under.

As an option, you can select the Insert Link to User Login Portal Page check box to include a hyperlink on screen that allows the user to log in as another user:

You are logged in as %USER%

(Click here to login as another user)

Note:

Make sure that you keep the %LOGIN-LINK% metaword in the text to enable the STM to insert the actual hyperlink.

The text is displayed on the URL Filtering screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.

4. Click Apply to save your settings.
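The whitelist-over-blacklist precedence and the `*` wildcard described in Table 35 can be modeled offline to review a pair of list files before importing them. This is an added example, not NETGEAR code: the function names, the sample lists, and the matching details (scheme and trailing slash stripped, case-insensitive, whole-string match against host plus path) are assumptions, since the manual only states the wildcard rule and the precedence.

```python
import re

MAX_URLS = 2000  # per-list limit stated in Table 35

# Outcomes: whitelisted URLs are allowed and not scanned, blacklisted URLs are
# blocked, everything else falls through to the normal scan/filter policy.
BYPASS, BLOCK, DEFAULT = "bypass-scan", "block", "default-policy"

# Constructed sample import files (one entry per line), not a real export.
WHITELIST_TXT = "www.net*.com\n"
BLACKLIST_TXT = "www.network-ads.example.com\nbad.example.org/downloads\n"


def canonical(entry: str) -> str:
    """Assumed normalization: drop scheme and trailing slash, lower-case."""
    entry = re.sub(r"^[a-z][a-z0-9+.-]*://", "", entry.strip(), flags=re.I)
    return entry.rstrip("/").lower()


def load_list(text: str) -> list[str]:
    """Parse a line-delimited list, dropping blanks and duplicates."""
    entries = []
    for line in text.splitlines():
        item = canonical(line)
        if item and item not in entries:
            entries.append(item)
    if len(entries) > MAX_URLS:
        raise ValueError(f"{len(entries)} entries exceed the {MAX_URLS}-URL limit")
    return entries


def matches(pattern: str, url: str) -> bool:
    """Only '*' is a wildcard; every other character is matched literally."""
    regex = ".*".join(re.escape(part) for part in canonical(pattern).split("*"))
    return re.fullmatch(regex, canonical(url)) is not None


def decide(url: str, whitelist: list[str], blacklist: list[str]) -> str:
    """Apply the documented precedence: whitelist first, then blacklist."""
    if any(matches(p, url) for p in whitelist):
        return BYPASS
    if any(matches(p, url) for p in blacklist):
        return BLOCK
    return DEFAULT


def shadowed(whitelist: list[str], blacklist: list[str]) -> list[str]:
    """Literal blacklist entries that can never block because a whitelist
    pattern also matches them (wildcard blacklist entries are not analysed)."""
    return [b for b in blacklist
            if "*" not in b and any(matches(w, b) for w in whitelist)]


if __name__ == "__main__":
    wl, bl = load_list(WHITELIST_TXT), load_list(BLACKLIST_TXT)
    for url in ("http://www.netgear.com/",
                "http://www.network-ads.example.com",
                "http://bad.example.org/downloads",
                "https://intranet.example.net/"):
        print(f"{url:40} {decide(url, wl, bl)}")
    print("blacklist entries overridden by the whitelist:", shadowed(wl, bl))
```

Running `shadowed()` before an import shows which blacklist entries a broad whitelist wildcard would silently override, which matters because whitelisted URLs are also exempt from scanning.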

HTTPS Scan Settings

HTTPS traffic is encrypted traffic that cannot be scanned or the data stream would not be secure. However, the STM can scan HTTPS traffic that is transmitted through an HTTP proxy. The STM can break up the SSL connection between the HTTPS server and the HTTP client, scan the HTTPS traffic, and then rebuild the SSL connection.


The following figure shows the HTTPS scanning traffic flow:

Figure 65.

The HTTPS scanning process functions with the following principles:

The STM breaks up an SSL connection between an HTTPS server and an HTTP client into two parts:

- A connection between the HTTPS client and the STM

- A connection between the STM and the HTTPS server

The STM simulates the HTTPS server communication to the HTTPS client, including the SSL negotiation, certificate exchange, and certificate authentication. In effect, the STM functions as the HTTPS server for the HTTPS client.

The STM simulates the HTTPS client communication to the HTTPS server, including the SSL negotiation, certificate exchange, and certificate authentication. In effect, the STM functions as the HTTPS client for the HTTPS server.

During SSL authentication, the HTTPS client authenticates three items:

Is the certificate trusted?

Has the certificate expired?

Does the name on the certificate match that of the website?


If one of these is not satisfied, a security alert message displays in the browser window:

Figure 66.

However, even when a certificate is trusted or still valid, or when the name of a certificate does match the name of the website, a security alert message still displays when a user who is connected to the STM visits an HTTPS site. The appearance of this security alert message is expected behavior because the HTTPS client receives a certificate from the STM instead of directly from the HTTPS server. If you want to prevent this security alert message from displaying, install a root certificate on the client PC. The root certificate can be downloaded from the STM’s User Portal Login screen (see Figure 88 on page 156).

If client authentication is required, the STM might not be able to scan the HTTPS traffic because of the nature of SSL. SSL has two parts—client and server authentication. HTTPS server authentication occurs with every HTTPS request, but HTTPS client authentication is not mandatory, and rarely occurs. Therefore it is of less importance whether the HTTPS request comes from the STM or from the real HTTPS client.

However, certain HTTPS servers do require HTTPS client certificate authentication for every HTTPS request. Because of the design of SSL, the HTTPS client needs to present its own certificate in this situation rather than using the one from the STM, preventing the STM from scanning the HTTPS traffic. For information about certificates, see Managing Digital Certificates on page 76.

You can specify trusted hosts for which the STM bypasses HTTPS traffic scanning. For more information, see Specifying Trusted Hosts on page 124.


To configure the HTTPS scan settings:

1. Select Web Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view.

2. Click the HTTPS Settings submenu tab. The HTTPS Settings screen displays:

Figure 67.

3. Select the check boxes and complete the field as explained in the following table:

Table 36. HTTPS Settings

Setting Description

HTTP Tunneling

Select this check box to allow scanning of HTTPS connections through an HTTP proxy, which is disabled by default. Traffic from trusted hosts is not scanned (see Specifying Trusted Hosts on page 124).

Note:

For HTTPS scanning to occur correctly, you need to add the HTTP proxy server port in the Ports to Scan field for the HTTPS service on the Services screen (see Configuring the HTTP Proxy Settings on page 60).

HTTPS SSL Settings

Select the Allow the STM to handle HTTPS connections using SSLv2 check box to allow HTTPS connections using SSLv2, SSLv3, or TLSv1. If this check box is cleared, the STM allows HTTPS connections using SSLv3 or TLSv1, but SSLv2 connections are dropped by the STM.

HTTPS 3rd Party Website Certificate Handling

Select this check box to allow a Secure Sockets Layer (SSL) connection with a valid certificate that is not signed by a trusted Certificate Authority (CA). The default setting is to allow such a connection.

Show This Message When an SSL Connection Attempt Fails

By default, a rejected SSL connection is replaced with the following text, which you can customize:

The SSL connection cannot be established.

URL: %URL%

REASON: %REASON%

Note:

The text is displayed on the HTTPS Settings screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.

Note:

Make sure that you keep the %URL% and %REASON% metawords in the text to enable the STM to insert the correct URL information and the reason of the rejection.

4. Click Apply to save your settings.

Note:

For information about certificates that are used for SSL connections and HTTPS traffic, see Managing Digital Certificates on page 76.

Specifying Trusted Hosts

You can specify trusted hosts for which the STM bypasses HTTPS traffic scanning and security certificate authentication. The security certificate is sent directly to the client for authentication, which means that the user does not receive a security alert for trusted hosts.

For more information about security alerts, see Managing Digital Certificates on page 76.

Note that certain sites contain elements from different HTTPS hosts. As an example, assume that the https://example.com site contains HTTPS elements from the following three hosts:

trustedhostserver1.example.com

trustedhostserver2.example.com

imageserver.example.com

To completely bypass the scanning of the https://example.com site, you need to add all three hosts to the trusted hosts list because different files from these three hosts are also downloaded when a user attempts to access the https://example.com site.
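To find which hosts a site pulls HTTPS elements from, and which of them are still missing from the trusted hosts list, the page source can be checked offline. This is an added example, not part of the NETGEAR manual: the function names and the sample HTML are constructed, host comparison is exact (as the trusted host list requires exact matching domain names), and only static HTML is inspected, so hosts loaded by scripts at run time are not seen.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

MAX_TRUSTED_HOSTS = 200  # limit stated in Table 37

# Constructed sample page for https://example.com/, using the host names
# from the paragraph above.
SAMPLE_URL = "https://example.com/"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://trustedhostserver1.example.com/site.css">
<script src="https://trustedhostserver2.example.com/app.js"></script>
</head><body>
<img src="https://imageserver.example.com/logo.png">
<img src="/local.png">
<a href="https://other.example.org/">elsewhere</a>
</body></html>
"""


class _RefCollector(HTMLParser):
    """Collects hosts of HTTPS resources that are fetched with the page."""

    URL_ATTRS = {"src", "href", "action", "data"}

    def __init__(self, base_url: str):
        super().__init__()
        self.base_url = base_url
        self.hosts: set[str] = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # navigation links are not downloaded with the page
            return
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                parts = urlsplit(urljoin(self.base_url, value))
                if parts.scheme == "https" and parts.hostname:
                    self.hosts.add(parts.hostname.lower())


def https_hosts(page_url: str, html: str) -> set[str]:
    """Return the page's own host plus every HTTPS host it embeds."""
    collector = _RefCollector(page_url)
    collector.feed(html)
    collector.close()
    page_host = urlsplit(page_url).hostname
    if page_host:
        collector.hosts.add(page_host.lower())
    return collector.hosts


def missing_trusted_hosts(page_url: str, html: str, trusted: list[str]) -> list[str]:
    """Hosts the page needs that are absent from the trusted hosts list."""
    trusted_set = {h.strip().lower() for h in trusted if h.strip()}
    if len(trusted_set) > MAX_TRUSTED_HOSTS:
        raise ValueError(f"more than {MAX_TRUSTED_HOSTS} trusted hosts")
    return sorted(https_hosts(page_url, html) - trusted_set)


if __name__ == "__main__":
    current = ["example.com", "trustedhostserver1.example.com"]
    for host in missing_trusted_hosts(SAMPLE_URL, SAMPLE_HTML, current):
        print("not on trusted hosts list:", host)
```

Each host added this way is exempt from HTTPS scanning, so the output is a list to review host by host rather than to import wholesale.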

To specify trusted hosts:

1. Select Web Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view.

2. Click the Trusted Hosts submenu tab. The Trusted Hosts screen displays. (The following figure contains an example.)

Figure 68.

3. Complete the fields and select the check box as explained in the following table:

Table 37. Trusted Hosts Settings

Setting Description

Do Not Intercept HTTPS Connections for the following Hosts

Enable Select this check box to bypass scanning of trusted hosts that are listed in the Hosts field. Users do not receive a security alert for trusted hosts that are listed in the Hosts field.

Hosts This field contains the trusted hosts for which scanning is bypassed. To add a host to this field, use the Add Host field or the Import from File tool (see later in this table). You can add a maximum of 200 hosts.

Delete To delete one or more hosts, highlight the hosts, and click the Delete table button.

Export To export the hosts, click the Export table button and follow the instructions of your browser.

Add Host Type or copy a trusted host in the Add Host field. Then click the Add table button to add the host to the Hosts field.

Import from File To import a list with trusted hosts into the Hosts field, click the Browse button and navigate to a file in .txt format that contains line-delimited hosts (that is, one host per line). Then click the Upload table button to add the hosts to the Host field.

Note:

Any existing hosts in the Hosts field are overwritten when you import a list of hosts from a file.

4. Click Apply to save your settings.

Configuring FTP Scans

Some malware threats are specifically developed to spread through the FTP protocol. By default, the STM scans FTP traffic, but you can specify how the STM scans FTP traffic and which action is taken when a malware threat is detected.

Note:

The STM does not scan password-protected FTP files.

To configure the FTP scan settings:

1. Select Web Security > FTP from the menu. The FTP screen displays:

Figure 69.

2. Complete the fields, select the check boxes, and make your selections from the drop-down lists as explained in the following table:

Table 38. FTP Scan Settings

Setting Description

Action

FTP Action From the FTP drop-down list, specify one of the following actions to be taken when an infected FTP file or object is detected:

Quarantine file. The FTP file or object is placed in quarantine, a malware quarantine log entry is created, and depending on the nature of the malware threat, also a virus log entry or a spyware log entry.

Delete file. This is the default setting. The FTP file or object is deleted, and depending on the nature of the malware threat, a virus log entry or a spyware log entry is created.

Log only. Depending on the nature of the malware threat, only a virus log entry or a spyware log entry is created. The FTP file or object is not deleted.
